Unable to connect - self signed certificate

Hi there! :slight_smile:
I have been trying to get SSL connections to work for some time, and now I have to ask the community for help :slight_smile:. Safe to say I'm not very experienced with TLS / SSL connections.

I have a self-hosted PostgreSQL server that I would like to add some security to when running queries to it from Retool.
I have already IP whitelisted the Retool IP-adresses so that only the Retool IP-adresses can have access, and everything have been working great while I have been testing Retool out. I was now ready for another layer of security before I really begin to use Retool.

My only issue right now is that I self sign my certificates, and Retool does not allow for that when the resource is a PostgreSQL database. I get the "Unable to connect. Error: self signed certificate" error message.
I have read that there is an option to use self signed certificates with other types of resources, but have not found one for my application.

I found a thread where Victoria answers another user (IP Whitelisting Security Concerns) and refers to the Security page in Docs (Security). The page states that "Security affects everything we do at Retool. We are SOC 2 Type 2 compliant and we:
Force HTTPS on all connections, so data in-transit is encrypted with TLS 1.2".

Do I understand this correctly;
If I make a query to my database from Retool, I don't need to use SSL connection because the data (data-in-transit I guess?) going between my database and Retool are encrypted and kept from "the man in the middle" ?
If not, is there any way I can use my self signed certificate?
I would rather not have to update my certificate every so and so days, because I'm the only user of this database.

Thank you very much in advance of your answers.


Hey @AndEid! Would these docs be helpful by any chance? https://docs.retool.com/docs/connect-ssl-tls

And for your last question, let me double check with our security now to get their insight :slight_smile:

You can definitely trust what's listed in our security docs that you linked above. As for using your own certs, did the docs I linked help at all?