I have a dns entry db.whatever.example.com and would like to just point it at my Neon instance as part of a migration saving me the headache of having to rebuild. I get this error in dbeaver when I hit test connection. I probably have to do a migration anyway since the username password changed and there’s no way to set a custom password, but still it’d be nice.
SSL error: Received fatal alert: access_denied
Received fatal alert: access_denied
Hey, not sure if it’s only a password issue (thinking there can be some SSL certificate validation issue)
However, if you want to have an user with permanent password across your branches, I think you should be able to create a separate user (role), with custom password. Manage Roles - Neon Docs
@Yetzederixx, it appears that the SSL certificate is not valid for your domain. It’s only valid for aws.neon.tech domains. For example, in my instance, the certificate is only valid if the domain ends with eu-central-1.aws.neon.tech as indicated by Subject: CN = *.eu-central-1.aws.neon.tech.
You can verify this by following the instructions in this DBA Stack Exchange post:
If you’re looking to save time and not replace the hostname, user, and password each time due to compute node changes with a new branch, there’s a solution. You can repoint an existing compute node from an old branch to a new one. Unfortunately, it’s only possible via the API and not through the UI. However, it’s a simple single request, which makes it quite straightforward.
You can find out how to do this in the Neon documentation under branch promotion:
@Mahmoud: The documentation for this process is somewhat buried in this guide. It might be beneficial to relocate the information to the Manage Computes wiki page.
@Yetzederixx, if above method doesn’t meet your needs, and you require your own URL for connections, the best alternative would be to set up a reverse proxy. This involves spinning up an EC2 instance and pointing your domain to that EC2. With this setup, you can generate your own certificates.
For guidance on setting up a reverse proxy, refer to this article: