Thank you for all the replies , I think even if psql does not verify the certificate , it still has to import it. I guess like David mentioned it might have default certificates in the client and server.
> It works by default because both the server and client are usually > installed from the same source and the same default certificate files are > provided to each.
Actually I suspect the answer is "it works because the default behavior is to just encrypt the connection, not to try to verify the server certificate". If you want it to fail when it doesn't recognize the server cert, you need sslmode=verify-ca or sslosslmode=verify-full in your connection string. See sslmode here:
