Why can't my third-party utility connect to Heroku Postgres with SSL?


  • You are attempting to connect to your Heroku Postgres database with a third-party tool, such as Amazon Quicksight or Google Data Studio. This tool is trying to use SSL verification but the connection is failing.
  • You are trying to find the CA files or certificate for your Heroku Postgres server.


Amazon Quicksight, Google Data Studio and similar tools require that SSL connections be negotiated with CA-verifiable certificates.

Unless you're using a Private or Shield Heroku Postgres database, Heroku Postgres does not currently support verifiable certificates. Our certificates will change when the underlying hardware has issues and we move your database away from it. As such, these tools cannot be used with Heroku Postgres unless you can configure them to use traditional username/password authentication.

For Private or Shield Heroku Postgres databases, you can use Mutual TLS to create a secure and mutually authenticated channel between an external resource and your database. With this feature, Heroku will generate CA-verifiable certificates that you can download and configure in your client/external tool.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support