Certificates

The certificates endpoint allows you to retrieve the public certificate used by the Postgres server for encrypting connections with SSL. Retrieving the certificate isn’t necessary to connect to a provisioned Crunchy Bridge Postgres cluster, but can be used by connecting clients to verify the server’s authenticity for an additional layer of security. See secure TCP/IP connections with SSL in the official Postgres documentation for more information.

Certificates and their corresponding keys are generated on a per-team basis, meaning that all clusters owned by the same team will use the same pair.

See the Getting Started section for details on retrieving a short lived token you can use to submit requests to this endpoint.

Getting a team’s certificate

GET /teams/{id}.pem

The Authorization header is required, with the value set to Bearer {access_token}.

Note the use of .pem at the end of the URL path, which tells the API to retrieve a team’s certificate rather than a JSON representation of the team itself.

Request example

curl --request GET "https://api.crunchybridge.com/teams/eaevtjiudzeq7bsqbbpiscund4.pem"\
    --header "Authorization: Bearer 22rpvk7jjdqfci6rjbrl24x5m"

Response example

Status code: 200 OK

Unlike many other endpoints, certificates are returned as a PEM chain instead of JSON. PEM is a common format that encodes X.509 certificates in base-64, and compatible with most programs that are aware of public key cryptography.

Content-Type: application/pem-certificate-chain

-----BEGIN CERTIFICATE-----
MIIBpTCCAUqgAwIBAgIJAOpVdLgUZI57MAoGCCqGSM49BAMDMCUxIzAhBgNVBAMM
GnF2Y3c0aHlsb3ZneXpid3pwNTNibW1saGdhMB4XDTIxMDQyMDIxMjcxOFoXDTQx
MDQxNTIxMjcxOFowJTEjMCEGA1UEAwwacXZjdzRoeWxvdmd5emJ3enA1M2JtbWxo
Z2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARuvZSMx1nB3ZTh4VXD8FhJdYOm
qaUkmS8Am5eIYz2phijntduqEgaZ9f5NZHnM3Jh/rixE2mf8y3lRTObUsv9/o2Mw
YTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU+cOX
IU6+6L8fwxAZOwgjhTS6zd4wHwYDVR0jBBgwFoAU+cOXIU6+6L8fwxAZOwgjhTS6
zd4wCgYIKoZIzj0EAwMDSQAwRgIhAJrYnMLLYuGYKlbnUCTmHxXQlCVNUzye1AhH
BMr9EXiFAiEA5OXXHiJkSyZtKyqDpDJmsKvTkKT5CHa7/vnaOZkZZzE=
-----END CERTIFICATE-----