Why can't my third-party utility connect to Heroku Postgres with SSL?


  • You are attempting to connect to your Heroku Postgres database with a third-party tool, such as Amazon Quicksight or Google Data Studio. This tool is trying to use SSL verification but the connection is failing.
  • You are trying to find the CA files or certificate for your Heroku Postgres server.


Amazon Quicksight, Google Data Studio and similar tools require that SSL connections be negotiated with CA-verifiable certificates.

By Default (without Enhanced Certificates feature mentioned below)

For Private or Shield Heroku Postgres databases, you can use Mutual TLS to create a secure and mutually authenticated channel between an external resource and your database. With this feature, Heroku will generate CA-verifiable certificates that you can download and configure in your client/external tool.

If you aren't using a Private or Shield Heroku Postgres database and therefore can't use the Mutual TLS feature, Heroku Postgres does not currently support verifiable certificates. Our certificates will change when the underlying hardware has issues and we move your database away from it. As such, these tools cannot be used with Heroku Postgres unless you can configure them to use traditional username/password authentication.

Enhanced Certificates

Heroku has released a Beta feature known as Enhanced Certificates (currently available for evaluation purposes) that makes it possible to connect to Heroku Postgres databases from a third party client with verifiable certificates.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support