PostgreSQL has native support for using SSL connections to encrypt client/server communications for increased security. See Section 16.8 for details about the server-side SSL functionality.
If the server demands a client certificate, libpq will send the certificate stored in file ~/.postgresql/postgresql.crt within the user's home directory. A matching private key file ~/.postgresql/postgresql.key must also be present, and must not be world-readable. (On Microsoft Windows these files are named %APPDATA%\postgresql\postgresql.crt and %APPDATA%\postgresql\postgresql.key.)
If the file ~/.postgresql/root.crt is present in the user's home directory, libpq will use the certificate list stored therein to verify the server's certificate. (On Microsoft Windows the file is named %APPDATA%\postgresql\root.crt.) The SSL connection will fail if the server does not present a certificate; therefore, to use this feature the server must also have a root.crt file.
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.