Quick Links

Re: Azure Database for PostgreSQL flexible server: password authentication failed

From:	Alexander Farber <alexander(dot)farber(at)gmail(dot)com>
To:	pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject:	Re: Azure Database for PostgreSQL flexible server: password authentication failed
Date:	2025-02-28 14:56:43
Message-ID:	CAADeyWh+6HtWaa8ctVD_PPcBEwS=qYSkYqkQh8JV=wAYBots3Q@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Sorry, correction for the openssl command output:

$ openssl s_client -connect 172.21.32.4:5432 -starttls postgres
Connecting to 172.21.32.4
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root
G2
verify return:1
depth=1 C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing
CA 07
verify return:1
depth=0 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=
c1fba9900d4d.database.azure.com
verify return:1
---
Certificate chain
0 s:C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=
c1fba9900d4d.database.azure.com
i:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 07
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
v:NotBefore: Feb 25 14:04:55 2025 GMT; NotAfter: Aug 24 14:04:55 2025 GMT
1 s:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 07
i:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
v:NotBefore: Jun 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
2 s:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
i:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIJAjCCBuqgAwIBAgITMwFrt0ld3qCMMByM7wAAAWu3STANBgkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDA3
MB4XDTI1MDIyNTE0MDQ1NVoXDTI1MDgyNDE0MDQ1NVowdjELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH2MxZmJhOTkwMGQ0ZC5kYXRhYmFzZS5h
enVyZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DAq18XNN
Z/Jmmi7CLNlwEmTXGqAU9O+mNSjoQdFXNkw+CsyvPgohhBv35R/iN0Km8r3MV793
+RgORhpj6I/0nEOTeIJwVZIjSAEO+BDnCcn58vcCNqyES0QJ9IcVFYpu9jT19mAb
kvKjbcNbyJX4rKHwToXaDlxOTvaQMESci6XbY1Ixwd5MJHRUyg8c6+RbN1emA1Vm
pMPukdlaCZlH9HnD/IXcY/EUJXoQxfYJPupDH5BefQrazwHgF8vCJ9tNuxk/8tu4
leTiQxth6liveloD5QvfEEffgo9kzgT6hGVbi7Rc0u52i1nij3nFlGQAWOCYfr3A
0dAS5vYug7WhAgMBAAGjggSgMIIEnDCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFn
AHYAEvFONL1TckyEBhnDjz96E/jntWKHiJxtMAWE6+WGJjoAAAGVPXYAAAAABAMA
RzBFAiBWJCHBbRAlwMXXEkTLba2Pzp1N8MR4ANBkmP9lgsw0SAIhAKOwOq+62T+g
0BgnVC4EEAC2jqjNPLxHdjZOogDiKQaLAHUAfVkeEuF4KnscYWd8Xv340IdcFKBO
lZ65Ay/ZDowuebgAAAGVPXYAmgAABAMARjBEAiAKgJP9C2rqQVsRmN2n2qERvQcc
xisnOO41cSr7d1oYTQIgLl7B30ElHd+81o3+jd4WoBTE2lmRUFPqmH3aGBEFoZEA
dgAaBP9J0FQdQK/2oMO/8djEZy9O7O4jQGiYaxdALtyJfQAAAZU9dgDWAAAEAwBH
MEUCICtDLEVHUfSi+PZ8jOTyBvRSbfj06loyvD2V66cOpYcfAiEAnPy1VHyO+SlE
ygBp6CyUdAj5G7dPCQYzfAqy2HFiv3wwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEF
BQcDAjAKBggrBgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcb
gefrRoKBnS6O0AyH8NodXYKr5zCH7fEfAgFkAgEtMIG0BggrBgEFBQcBAQSBpzCB
pDBzBggrBgEFBQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j
ZXJ0cy9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBD
QSUyMDA3JTIwLSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9j
c3AubWljcm9zb2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBTNtIVCLokZd4K37tTOK5Lu
JI5hXzAOBgNVHQ8BAf8EBAMCBaAwgakGA1UdEQSBoTCBnoIyY2NnLWRldmVsb3At
cG9zdGdyZXNxbC5wb3N0Z3Jlcy5kYXRhYmFzZS5henVyZS5jb22CR2YxYjhmMGMw
OTA2YS5jY2ctZGV2ZWxvcC1wb3N0Z3Jlc3FsLnByaXZhdGUucG9zdGdyZXMuZGF0
YWJhc2UuYXp1cmUuY29tgh9jMWZiYTk5MDBkNGQuZGF0YWJhc2UuYXp1cmUuY29t
MAwGA1UdEwEB/wQCMAAwagYDVR0fBGMwYTBfoF2gW4ZZaHR0cDovL3d3dy5taWNy
b3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwQXp1cmUlMjBSU0ElMjBU
TFMlMjBJc3N1aW5nJTIwQ0ElMjAwNy5jcmwwZgYDVR0gBF8wXTBRBgwrBgEEAYI3
TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br
aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMAgGBmeBDAECAjAfBgNVHSMEGDAWgBTO
FRY76gKjpmva2Sv95YxSvnpQqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
AwEwDQYJKoZIhvcNAQEMBQADggIBAHIlDqGGk6NsNXDVyXsheLN7L9FP4tHjdiwy
+GSPgrrb5lWuqTjFWdzYokm0RW/Ez0JX2aq88BueTGUNw6XO9pq/KD44OD8VClJH
WeW3NhCKn901uyV9rUMrNZ37oPlM53NP6zkC1qfOy4sLG5UHr+Ne532W0mtVga5K
YeeufReC/1Ze/3xZQ6iTxrt39urvDhIpVQZap3GUwTEqiOH6T+kp8DnuwpScLTBB
B9HmMModtysYLRH8Gl4jTyLfCdI+hfOavESLev8F+jmgIyEOvHH5bWf/N1Lp2NaE
LdbJ5pMcACzkcG71TTUGhrDums4ukng9ggJ+jQ+dS7n5eXVF+H7GbA1bj+wKq8UB
dXEHinaPin4Xer4KqKMV62lHclEMQzvzI6KH9OT4+wKi6dZ78MVmCvJJJsZKk0dP
dfnK6/Nbw5khDPXqEvQru86cRU0KGrUuKOCF0yeeXMc1kyU4O6cAhScMwbQ+WXTN
TpSflR4NK4+QIoc9yShP9oAQV4uvAO8WtH5fzWYKyuY4oPJlyecLXzfo1Ll+vipx
DaOc/pNY6WUKNz3b4qRSP8iPArvyi8ZSRn7so1Dsuk9+225cs67WQKnA05YZc1hO
S3PVFN2225qZ0NLxAFQbDp5zb9QWFOpylzwYXW1+FNzpM1RDTL6us5kn3Ip4F+FY
HQ8wk+6o
-----END CERTIFICATE-----
subject=C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=
c1fba9900d4d.database.azure.com
issuer=C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA
07
---
Acceptable client certificate CA names
DC=GBL, DC=AME, CN=AME INFRA CA 01
DC=GBL, DC=AME, CN=AME Infra CA 02
DC=GBL, DC=AME, CN=AME Infra CA 03
DC=GBL, DC=AME, CN=AME Infra CA 04
DC=GBL, DC=AME, CN=AME Infra CA 05
DC=GBL, DC=AME, CN=AME Infra CA 06
CN=AME G1 TLS RSA 2048 SHA256 2024 CUS CA 07
CN=AME G1 TLS RSA 2048 SHA256 2024 EUS2 CA 07
CN=AME G1 TLS RSA 2048 SHA256 2024 EUS2EUAP CA 07
CN=AME G1 TLS RSA 2048 SHA256 2024 WCUS CA 07
CN=AME G1 TLS RSA 2048 SHA256 2024 WUS2 CA 07
CN=MSIT CA Z2
C=US, O=Microsoft Corporation, CN=MSFT BALT RS256 CA
C=US, O=Microsoft Corporation, CN=MSFT RS256 CA-1
C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03
C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04
C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 07
C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08
C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 03
C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 04
C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 07
C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 08
C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing AOC CA 01
C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing AOC CA 02
C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing EOC CA 02
C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing EOC CA 01
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing EOC CA 01
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing AOC CA 01
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing AOC CA 02
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing EOC CA 02
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012
Entrust, Inc. - for authorized use only, CN=Entrust Certificat
ion Authority - L1K
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2014
Entrust, Inc. - for authorized use only, CN=Entrust Certificat
ion Authority - L1M
CN=CCME G1 TLS RSA 2048 SHA256 2049 CUS CA 01
CN=CCME G1 TLS RSA 2048 SHA256 2049 EUS2 CA 01
CN=CCME G1 TLS RSA 2048 SHA256 2049 EU2C CA 01
CN=CCME G1 TLS RSA 2048 SHA256 2049 WCUS CA 01
CN=CCME G1 TLS RSA 2048 SHA256 2049 WUS2 CA 01
DC=GBL, DC=AME, CN=ameroot
CN=Microsoft Internal Corporate Root
C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority
2017
C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority
2017
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009
Entrust, Inc. - for authorized use only, CN=Entrust Root Certification
Author
ity - G2
C=US, O=Microsoft Corporation, CN=Commercial Cloud Root CA R1
Requested Signature Algorithms:
ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PS
S+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1
Shared Requested Signature Algorithms:
ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512
:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 9903 bytes and written 749 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

But then psql fails:

$ psql "postgresql://postgres:password12345!!@
172.21.32.4:5432/postgres?sslmode=require"
psql: error: connection to server at "172.21.32.4", port 5432 failed:
FATAL: password authentication failed for user "postgres"

In response to

Azure Database for PostgreSQL flexible server: password authentication failed at 2025-02-28 14:52:32 from Alexander Farber

Responses

Re: Azure Database for PostgreSQL flexible server: password authentication failed at 2025-02-28 15:05:20 from Alexander Farber

Browse pgsql-general by date

	From	Date	Subject
Next Message	Alexander Farber	2025-02-28 15:05:20	Re: Azure Database for PostgreSQL flexible server: password authentication failed
Previous Message	Alexander Farber	2025-02-28 14:52:32	Azure Database for PostgreSQL flexible server: password authentication failed