No joy,
django.db.utils.OperationalError: (2026, 'SSL connection error: error:0A000086:SSL routines::certificate verify failed')
But in fact, i think there's more to this.
Normally you would need to generate a new private key and certificate for the client. This typically involves the following steps:
1. Generate a new private key for the client.
2. Create a certificate signing request (CSR) for the new private key.
3. Submit the CSR to a certificate authority (CA) to get it signed, resulting in a new client certificate.
thus my config needs:
'ssl': {
'ca': os.path.join(BASE_DIR, 'ca.pem'),
'cert': os.path.join(BASE_DIR, 'cert.pem'),
'key': os.path.join(BASE_DIR, 'key.pem'),
}
and I can't generate those client certificates because I can't vouch for ownership of the domain: it's your domain.
After a bunch of conversations with Chat GPT, this is the take home:
"typically in a hosting arrangement, the hosting provider owns and controls the physical server and the associated domain. As a customer, you’re renting space on their server to host your website or application. However, you usually have the ability to manage your own content and sometimes certain configurations within your rented space.
If you need to generate SSL certificates for a domain that’s controlled by your hosting provider, you would typically need to go through them or use a service they provide. This is because generating a certificate for a domain requires proving control over that domain, which is something the hosting provider would be able to do."
So is there some avenue through plesk to get my hands on a client key and certificate? Cos I don't think there's any way for me to do it with what I found on there... the key and certificate on the plesk page are - in all likelihood - the server key and certificate and SSL is asymmetric.