Bug in Azure Logic App's PostgreSQL connector

Question

Bug in Azure Logic App's PostgreSQL connector

Oliver 0

Hello!

Azure Logic App. Added action "PostgreSQL -> Insert Row". This requires creating a connection to an actual PostgreSQL server, which in our case is an Azure PostgreSQL for Flexible Server instance.

I have filled out the following connection details:

Connection Name
Server (the FQDN of our Azure PostgreSQL for Flexible Server)
Database Name
Authentication Type (you can only choose "Basic" there)
Username
Password
Encrypt Connection (tickbox, is enabled)

And once I hit "Create", the connection fails with the following message:

Failed to create connection: { "status": 400, "message": "An error happened while reading data from the provider: 'The remote certificate is invalid according to the validation procedure.'\r\n inner exception: An error happened while reading data from the provider: 'The remote certificate is invalid according to the validation procedure.'\r\nclientRequestId: 945f8b89-398a-4737-91b9-6d9753cb7548", "error": { "message": "An error happened while reading data from the provider: 'The remote certificate is invalid according to the validation procedure.'\r\n inner exception: An error happened while reading data from the provider: 'The remote certificate is invalid according to the validation procedure.'" }, "source": "postgresql-ne.azconn-ne-003.p.azurewebsites.net" }

This seems to be a bug in the Azure Logic App's PostgreSQL connector, as PostgreSQL's server certificate is managed by Azure and should follow whatever rules Azure sets.

Can someone from the Azure team please check on this.

Best wishes
Oliver

Rakesh Mishra 2,025 Reputation points Microsoft External Staff Moderator

2025-08-25T18:45:43.6433333+00:00
Hello Oliver,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

Could you please check and provide the details as requested below.

Try connecting to your PostgreSQL instance using a different SQL client (like pgAdmin or psql) to see if the same SSL issue occurs there. This can help isolate whether it's an issue with the Logic App or a broader configuration issue.

Encrypt Connection (tickbox, is enabled) - try with encryption unchecked and whether logic app is able to connect to DB.

Is the Postgres endpoint public or is it using a Private Endpoint?

What is the Logic App type: Consumption (managed connector) or Standard? Is it configured with Managed VNet?

Does the DB firewall include the logic app's IP or ‘Allow Azure services’ setting?
Oliver 0 Reputation points

2025-08-25T19:27:14.5333333+00:00
Thank you for your reply. Here are more details:

Try connecting to your PostgreSQL instance using a different SQL client (like pgAdmin or psql) to see if the same SSL issue occurs there. This can help isolate whether it's an issue with the Logic App or a broader configuration issue.

Connecting to our PostgreSQL instance using pgAdmin 9.6 on Windows 11 works fine.

Encrypt Connection (tickbox, is enabled) - try with encryption unchecked and whether logic app is able to connect to DB.

It does not work, as PostgreSQL's server parameter "require_secure_transport" is enabled.

Is the Postgres endpoint public or is it using a Private Endpoint?

PostgreSQL's endpoint is public.

What is the Logic App type: Consumption (managed connector) or Standard? Is it configured with Managed VNet?

Logic App type is Consumption. It is not integrated with a Vnet.

Does the DB firewall include the logic app's IP or ‘Allow Azure services’ setting?

PostgreSQL's firewall has the "Allow public access from any Azure service within Azure to this server" enabled.

Thank you for your reply. Here are more details:

Try connecting to your PostgreSQL instance using a different SQL client (like pgAdmin or psql) to see if the same SSL issue occurs there. This can help isolate whether it's an issue with the Logic App or a broader configuration issue.

Connecting to our PostgreSQL instance using pgAdmin 9.6 on Windows 11 works fine.

Encrypt Connection (tickbox, is enabled) - try with encryption unchecked and whether logic app is able to connect to DB.

It does not work, as PostgreSQL's server parameter "require_secure_transport" is enabled.

Is the Postgres endpoint public or is it using a Private Endpoint?

PostgreSQL's endpoint is public.

What is the Logic App type: Consumption (managed connector) or Standard? Is it configured with Managed VNet?

Logic App type is Consumption. It is not integrated with a Vnet.

Does the DB firewall include the logic app's IP or ‘Allow Azure services’ setting?

PostgreSQL's firewall has the "Allow public access from any Azure service within Azure to this server" enabled.

2 answers

Your answer

Rakesh Mishra 2,025 Reputation points Microsoft External Staff Moderator

2025-08-25T18:45:43.6433333+00:00

Hello Oliver,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

Could you please check and provide the details as requested below.

Try connecting to your PostgreSQL instance using a different SQL client (like pgAdmin or psql) to see if the same SSL issue occurs there. This can help isolate whether it's an issue with the Logic App or a broader configuration issue.

Encrypt Connection (tickbox, is enabled) - try with encryption unchecked and whether logic app is able to connect to DB.

Is the Postgres endpoint public or is it using a Private Endpoint?

What is the Logic App type: Consumption (managed connector) or Standard? Is it configured with Managed VNet?

Does the DB firewall include the logic app's IP or ‘Allow Azure services’ setting?

Answer 1

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Answer 2

Hello Oliver, Thank you for the details.

This happens because Azure recently changed the security certificates used by PostgreSQL servers. The Logic App’s PostgreSQL connector doesn’t yet recognize or trust the new certificates used by Azure, so it refuses to connect. It’s not a problem with your server or credentials - it’s about the Logic App not having the right certificate to trust the server’s identity.

The best fix is to make sure your Logic App trusts the updated certificates Azure uses. Here’s how to do that step-by-step:

Get the Right Certificates Azure PostgreSQL servers use three main root certificates that your Logic App needs to trust. You need to download them:
- DigiCert Global Root CA
- DigiCert Global Root G2
- Microsoft RSA Root Certificate Authority 2017
Combine the Certificates After downloading, you combine all three certificates into one bundle. This bundle becomes the list of certificates your Logic App trusts when connecting securely.
Upload Certificates to Your Logic App in the Azure Portal, go to your Logic App’s settings and upload this combined certificate bundle. This tells your Logic App to use these certificates to verify the PostgreSQL server.
Configure an Environment Setting After uploading, add an app setting named WEBSITE_LOAD_ROOT_CERTIFICATES to your Logic App’s configuration. This setting holds the thumbprint(s) of your uploaded certificates, telling the Logic App to load and trust them.
Restart and Retry Finally, restart your Logic App to apply the changes and try creating the PostgreSQL connection again. It should now connect without certificate errors.

Quick Temporary Fix (Not for Production)

If you want a quick workaround for testing:

You can turn off SSL enforcement on your PostgreSQL server (not recommended for production since it removes encryption).
In the Logic App PostgreSQL connection, uncheck the “Encrypt Connection” option.
This makes the connection insecure but can help verify if the problem is certificate related.

If the above is not feasible, you could:

Use the JDBC connector instead, which lets you specify the trusted certificates directly.
Build a custom connector or use an Azure Function as a middleman to handle the connection securely.

Microsoft Reference Documentation

Oliver 0 Reputation points

2025-08-31T20:01:08.7233333+00:00

Thank you for your reply, but unfortunately the Consumption type Logic Apps do no support anything related to certificates, file uploads, or environment variables.

When will the Logic App’s PostgreSQL connector receive new Azure certificates?
Pashikanti Kumar 1,080 Reputation points Microsoft External Staff Moderator

2025-10-13T18:08:53.12+00:00

Hi Oliver,

Use alternate integration methods like Logic Apps Standard, which runs in App Service environment and supports certificate management.

Use a custom connector, Azure Function, or another intermediary service with configurable trust for PostgreSQL connections

Logic Apps Standard supports uploading certificates and environment variables, giving you control over trusted certificates

Reference

Limits and configuration reference guide - Azure Logic Apps | Microsoft Learn

Encrypted Connectivity with TLS/SSL - Azure Database for PostgreSQL | Microsoft Learn

Environment Variables and App Settings Reference - Azure App Service | Microsoft Learn
Rupesh Asati 780 Reputation points Microsoft External Staff Moderator

2025-10-16T16:21:44.68+00:00

Hello Oliver,

I hope you checked the last response, and it was helpful. Please do let me know if you need any further assistance on this.

Thanks

Share via

Bug in Azure Logic App's PostgreSQL connector

2 answers

Your answer