Unlike psql and other libpq based programs the JDBC driver does server certificate validation by default. This means that when establishing a SSL connection the JDBC driver will validate the server's identity preventing 'man in the middle' attacks. It does this by checking that the server certificate is signed by a trusted authority. If you have a certificate signed by a global certificate authority (CA), there is nothing further to do because Java comes with copies of the most common CA's certificates. If you are dealing with a self-signed certificate though, you need to make this available to the Java client to enable it to validate the server's certificate.
Note
Dbeaver Postgresql Client Portal
DBeaver is a free, open source multiplatform database management tool and SQL client for developers and database administrators. DBeaver can be used to access any database or cloud application that has an ODBC or JDBC driver, such as Oracle, SQL Server, MySQl, Salesforce, or MailChimp. Now that the postgres container is running I’d like to connect to it using Dbeaver sql client which I have on my host. I set up a new connection with the following settings: For the host I tried both localhost and then 172.21.0.3 because thats what showed when I searched for the containers ip address. DBeaver is certainly an ultimate Universal client which incorporates RDBMS and NoSQL Databases. The GUI is very useful and easy to manipulate all kind of DB queries.DBeaver is remarkably fast and stable. It loads quickly and responds instantaneously. Especially, It is the only client tool for Apache Cassandra NoSQL Database in market.
Only the JDBC 3 driver supports SSL. The 1.4 JDK was the first version to come bundled with SSL support. Previous JDK versions that wanted to use SSL could make use of the additional JSSE library, but it does not support the full range of features utilized by the PostgreSQL™ JDBC driver.
To make the server certificate available to Java, the first step is to convert it to a form Java understands. From here the easiest thing to do is import this certificate into Java's system truststore. The default password for the cacerts keystore is changeit. The alias to postgesql is not important and you may select any name you desire.
If you do not have access to the system cacerts truststore you can create your own truststore. When starting your Java application you must specify this keystore and password to use. In the event of problems extra debugging information is available by adding -Djavax.net.debug=ssl to your command line.
Postgresql Client Dbeaver
To instruct the JDBC driver to try and establish a SSL connection you must add the connection URL parameter ssl=true.
In some situations it may not be possible to configure your Java environment to make the server certificate available, for example in an applet. For a large scale deployment it would be best to get a certificate signed by recognized certificate authority, but that is not always an option. The JDBC driver provides an option to establish a SSL connection without doing any validation, but please understand the risk involved before enabling this option.
DBeaver - A Universal Database Tool. HeidiSQL - GUI client for MariaDB, MySQL, Microsoft SQL Server and PostgreSQL.
A non-validating connection is established via a custom SSLSocketFactory class that is provided with the driver. Setting the connection URL parameter sslfactory=org.postgresql.ssl.NonValidatingFactory will turn off all SSL validation.