Wednesday, December 4, 2019

[google-cloud-sql-discuss] Can't get SSL to work for Postgresql

I downloaded the server & client certificates, but they don't verify using openssl:

openssl verify -verbose -issuer_checks -CAfile /etc/database/certificates/server-ca.pem -purpose sslclient /etc/database/certificates/client-cert.pem

It fails with the message:

CN = Test, O = "Google, Inc", C = US
error 20 at 0 depth lookup: unable to get local issuer certificate
error /etc/database/certificates/client-cert.pem: verification failed

Also, when plugging the file paths into DbVisualizer, I get this error:

Long Message:
FATAL: connection requires a valid client certificate

Details:
   Type: org.postgresql.util.PSQLException
   SQL State: 28000


My understanding is that the issuer of the client should match the subject of the server, but using the following commands suggests that they don't:

openssl x509 -in /etc/database/certificates//client-cert.pem -noout -issuer
openssl x509 -noout -subject -in /etc/database/certificates/server-ca.pem

issuer=dnQualifier = 319a6a2b-0750-41d3-9b05-16cdf8b121cf, CN = Google Cloud SQL Client CA Test, O = "Google, Inc", C = US
subject=dnQualifier = 41ff6064-07be-43c1-9e00-94a9de7cc5c1, CN = Google Cloud SQL Server CA, O = "Google, Inc", C = US



Any suggestions on how to debug would be appreciated.
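
The verify failure and the issuer/subject mismatch shown in the post, reproduced offline as an added example (not part of the original message and not Google's tooling). It builds two throwaway CAs and a client certificate signed by only one of them, then runs the post's two checks against each CA; the CA names, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Every name, key and certificate here is constructed in a temp dir.

make_ca() {  # $1 = file prefix, $2 = CN of a self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1.pem" -subj "/CN=$2" 2>/dev/null
}

issue_cert() {  # $1 = CA prefix, $2 = leaf prefix, $3 = leaf CN
    openssl req -newkey rsa:2048 -nodes -keyout "$2.key" -out "$2.csr" \
        -subj "/CN=$3" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# True only when the leaf's issuer DN equals the CA's subject DN
# (the comparison made by hand in the post).
issuer_matches() {  # $1 = CA cert, $2 = leaf cert
    ca_subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    leaf_issuer=$(openssl x509 -in "$2" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
    [ "$ca_subject" = "$leaf_issuer" ]
}

# True only when openssl can build a chain from the leaf to the given CA file.
chain_verifies() {  # $1 = CA cert, $2 = leaf cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

setup_demo() {
    DEMO_DIR=$(mktemp -d)
    make_ca "$DEMO_DIR/server-ca" "Demo Server CA"
    make_ca "$DEMO_DIR/client-ca" "Demo Client CA"
    # The client certificate is signed by the client CA only.
    issue_cert "$DEMO_DIR/client-ca" "$DEMO_DIR/client-cert" "Demo Client"
}

setup_demo
for ca in server-ca client-ca; do
    issuer_matches "$DEMO_DIR/$ca.pem" "$DEMO_DIR/client-cert.pem" && match=yes || match=no
    chain_verifies "$DEMO_DIR/$ca.pem" "$DEMO_DIR/client-cert.pem" && result=OK || result=FAILED
    echo "client-cert.pem vs $ca.pem: issuer matches=$match, verify=$result"
done
```

openssl verify reports error 20 whenever the file given to -CAfile does not contain the certificate's issuer, which is the situation the issuer and subject lines in the post show.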
