The certificates endpoint allows you to retrieve the public certificate used by the Postgres server for encrypting connections with SSL. Retrieving the certificate isn’t necessary to connect to a provisioned Crunchy Bridge Postgres cluster, but can be used by connecting clients to verify the server’s authenticity for an additional layer of security. See secure TCP/IP connections with SSL in the official Postgres documentation for more information.
Certificates and their corresponding keys are generated on a per-team basis, meaning that all clusters owned by the same team will use the same pair.
See the Getting Started section for details on retrieving a short lived token you can use to submit requests to this endpoint.
Getting a team’s certificate
Authorization header is required, with the value set to
Note the use of
.pem at the end of the URL path, which tells the API to retrieve a team’s certificate rather than a JSON representation of the team itself.
curl --request GET "https://api.crunchybridge.com/teams/eaevtjiudzeq7bsqbbpiscund4.pem"\ --header "Authorization: Bearer 22rpvk7jjdqfci6rjbrl24x5m"
Unlike many other endpoints, certificates are returned as a PEM chain instead of JSON. PEM is a common format that encodes X.509 certificates in base-64, and compatible with most programs that are aware of public key cryptography.
Content-Type: application/pem-certificate-chain -----BEGIN CERTIFICATE----- MIIBpTCCAUqgAwIBAgIJAOpVdLgUZI57MAoGCCqGSM49BAMDMCUxIzAhBgNVBAMM GnF2Y3c0aHlsb3ZneXpid3pwNTNibW1saGdhMB4XDTIxMDQyMDIxMjcxOFoXDTQx MDQxNTIxMjcxOFowJTEjMCEGA1UEAwwacXZjdzRoeWxvdmd5emJ3enA1M2JtbWxo Z2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARuvZSMx1nB3ZTh4VXD8FhJdYOm qaUkmS8Am5eIYz2phijntduqEgaZ9f5NZHnM3Jh/rixE2mf8y3lRTObUsv9/o2Mw YTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU+cOX IU6+6L8fwxAZOwgjhTS6zd4wHwYDVR0jBBgwFoAU+cOXIU6+6L8fwxAZOwgjhTS6 zd4wCgYIKoZIzj0EAwMDSQAwRgIhAJrYnMLLYuGYKlbnUCTmHxXQlCVNUzye1AhH BMr9EXiFAiEA5OXXHiJkSyZtKyqDpDJmsKvTkKT5CHa7/vnaOZkZZzE= -----END CERTIFICATE-----