I am trying to connect Azure Postgres instance with SSL enabled. My understanding is if SSL enabled, I must provide certificate for authentication but it allow me to connect without passing any certificate.
I am using below command:-
psql "host=ServerName.postgres.database.azure.com port=5432 dbname=postgres user=postgres@ServerName password=Password"
if we don't pass SSLmode, psql try for SSL first but my question how does it get certificate to initiate connection to SSL enabled Postgres.
I cannot speak about Azure, which may be modified, but PostgreSQL lets you connect without a client certificate by default. The purpose of SSL in that case is not to authenticate the client, but to encrypt the communication to protect it from eavesdropping.
Note that with the default settings, PostgreSQL does not protect you from man-in-the-middle attacks.
You can change the default behavior if you want the client to validate the server certificate or you want the server to request a certificate from the client.