diff --git a/.github/workflows/tests-ssl.yml b/.github/workflows/tests-ssl.yml
new file mode 100644
index 000000000..81913ed14
--- /dev/null
+++ b/.github/workflows/tests-ssl.yml
@@ -0,0 +1,240 @@
+name: Tests with SSL
+
+on:
+  push:
+    branches:
+        - "*"
+  pull_request:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_name }}
+  cancel-in-progress: true
+    
+jobs:
+  test:
+    runs-on: ubuntu-22.04
+
+    services:
+      opengauss:
+        image: opengauss/opengauss-server:latest
+        ports:
+          - 5432:5432
+        env:
+          GS_USERNAME: root
+          GS_USER_PASSWORD: Passwd@123
+          GS_PASSWORD: Passwd@123
+        options: >-
+          --privileged=true
+          --name opengauss-custom
+
+    steps:
+      - name: Reset permissions for checkout
+        run: |
+          sudo chmod -R u+rwX certs || true
+        if: always()
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Set up Python 3.9
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.9"
+          cache: pip
+
+      - name: Create and activate virtual environment
+        run: |
+          python -m venv venv
+          echo "VENV_PATH=$GITHUB_WORKSPACE/venv/bin" >> $GITHUB_ENV
+          source venv/bin/activate
+
+      - name: Create omm user
+        run: |
+          sudo useradd -m -s /bin/bash omm || true
+          sudo usermod -aG docker omm || true
+
+      - name: Create configuration directories
+        run: |
+          mkdir -p ${{ github.workspace }}/opengauss/conf
+          sudo chown omm:omm ${{ github.workspace }}/opengauss/conf ${{ github.workspace }}/certs || true
+          sudo chmod 755 ${{ github.workspace }}/opengauss/conf ${{ github.workspace }}/certs || true
+
+      - name: Set certificate permissions
+        run: |
+          sudo chown -R omm:omm ${{ github.workspace }}/certs
+          sudo chmod 644 ${{ github.workspace }}/certs/*key || true
+          sudo chmod 644 ${{ github.workspace }}/certs/*.crt || true
+
+      - name: Create postgresql.conf with SSL
+        run: |
+          sudo -u omm bash -c 'cat > ${{ github.workspace }}/opengauss/conf/postgresql.conf <<EOF
+          max_connections = 200
+          session_timeout = 10min
+          bulk_write_ring_size = 2GB
+          max_prepared_transactions = 200
+          cstore_buffers = 512MB
+          enable_incremental_checkpoint = on
+          incremental_checkpoint_timeout = 60s
+          enable_double_write = on
+          wal_keep_segments = 16
+          enable_slot_log = off
+          synchronous_standby_names = '"'"'*'"'"'
+          walsender_max_send_size = 8MB
+          hot_standby = on
+          enable_kill_query = off
+          logging_collector = on
+          log_filename = '"'"'postgresql-%Y-%m-%d_%H%M%S.log'"'"'
+          log_file_mode = 0600
+          log_rotation_size = 20MB
+          log_min_duration_statement = 1800000
+          log_connections = off
+          log_disconnections = off
+          log_duration = off
+          log_hostname = off
+          log_line_prefix = '"'"'%m %u %d %h %p %S '"'"'
+          log_timezone = '"'"'UTC'"'"'
+          enable_alarm = on
+          connection_alarm_rate = 0.9
+          alarm_report_interval = 10
+          alarm_component = '"'"'/opt/snas/bin/snas_cm_cmd'"'"'
+          use_workload_manager = on
+          datestyle = '"'"'iso, mdy'"'"'
+          timezone = '"'"'UTC'"'"'
+          lc_messages = '"'"'en_US.utf8'"'"'
+          lc_monetary = '"'"'en_US.utf8'"'"'
+          lc_numeric = '"'"'en_US.utf8'"'"'
+          lc_time = '"'"'en_US.utf8'"'"'
+          default_text_search_config = '"'"'pg_catalog.english'"'"'
+          lockwait_timeout = 1200s
+          pgxc_node_name = '"'"'gaussdb'"'"'
+          audit_enabled = on
+          job_queue_processes = 10
+          dolphin.nulls_minimal_policy = on
+          password_encryption_type = 0
+          wal_level = logical
+          application_name = '"'"''"'"'
+          listen_addresses = '"'"'*'"'"'
+          max_replication_slots = 10
+          max_wal_senders = 10
+          shared_buffers = 512MB
+          ssl = on
+          ssl_cert_file = '"'"'/var/lib/opengauss/certs/server.crt'"'"'
+          ssl_key_file = '"'"'/var/lib/opengauss/certs/server.key'"'"'
+          ssl_ca_file = '"'"'/var/lib/opengauss/certs/ca.crt'"'"'
+          EOF'
+          sudo chmod 644 ${{ github.workspace }}/opengauss/conf/postgresql.conf
+
+      - name: Create pg_hba.conf with SSL
+        run: |
+          sudo -u omm bash -c 'cat > ${{ github.workspace }}/opengauss/conf/pg_hba.conf <<EOF
+          local   all             all                                     trust
+          host    all             all             127.0.0.1/32            trust
+          host    all             all             ::1/128                 trust
+          hostssl all all 0.0.0.0/0 cert
+          host all all 0.0.0.0/0 md5
+          host replication gaussdb 0.0.0.0/0 md5
+          EOF'
+          sudo chmod 644 ${{ github.workspace }}/opengauss/conf/pg_hba.conf
+
+      - name: Debug file permissions
+        run: |
+          ls -l ${{ github.workspace }}/opengauss/conf/
+          whoami
+          docker info --format '{{.ServerVersion}}'
+          docker ps -a
+
+      - name: Copy configuration files to container data directory
+        run: |
+          docker exec opengauss-custom mkdir -p /var/lib/opengauss/data
+          docker cp ${{ github.workspace }}/opengauss/conf/postgresql.conf opengauss-custom:/var/lib/opengauss/data/postgresql.conf
+          docker cp ${{ github.workspace }}/opengauss/conf/pg_hba.conf opengauss-custom:/var/lib/opengauss/data/pg_hba.conf
+
+          docker exec opengauss-custom mkdir -p /var/lib/opengauss/certs
+          docker cp ${{ github.workspace }}/certs/server.crt opengauss-custom:/var/lib/opengauss/certs/
+          docker cp ${{ github.workspace }}/certs/server.key opengauss-custom:/var/lib/opengauss/certs/
+          docker cp ${{ github.workspace }}/certs/ca.crt opengauss-custom:/var/lib/opengauss/certs/
+
+      - name: Fix SSL cert permissions
+        run: |
+          sudo chown -R $(whoami):$(whoami) ${{ github.workspace }}/certs
+          sudo chmod 600 ${{ github.workspace }}/certs/*
+          
+      - name: Set permissions inside container
+        run: |
+          docker exec opengauss-custom chown omm:omm /var/lib/opengauss/data/postgresql.conf /var/lib/opengauss/data/pg_hba.conf /var/lib/opengauss/certs/server.crt /var/lib/opengauss/certs/server.key /var/lib/opengauss/certs/ca.crt
+          docker exec opengauss-custom chmod 600 /var/lib/opengauss/data/postgresql.conf /var/lib/opengauss/data/pg_hba.conf /var/lib/opengauss/certs/server.crt /var/lib/opengauss/certs/server.key /var/lib/opengauss/certs/ca.crt
+
+      - name: Restart openGauss to apply configuration
+        run: |
+          docker restart opengauss-custom
+
+      - name: Install GaussDB libpq driver
+        run: |
+          sudo apt update
+          sudo apt install -y wget unzip
+          wget -O /tmp/GaussDB_driver.zip https://dbs-download.obs.cn-north-1.myhuaweicloud.com/GaussDB/1730887196055/GaussDB_driver.zip
+          unzip /tmp/GaussDB_driver.zip -d /tmp/ && rm -rf /tmp/GaussDB_driver.zip
+          \cp /tmp/GaussDB_driver/Centralized/Hce2_X86_64/GaussDB-Kernel*64bit_Python.tar.gz /tmp/
+          tar -zxvf /tmp/GaussDB-Kernel*64bit_Python.tar.gz -C /tmp/ && rm -rf /tmp/GaussDB-Kernel*64bit_Python.tar.gz && rm -rf /tmp/_GaussDB && rm -rf /tmp/GaussDB_driver
+          echo /tmp/lib | sudo tee /etc/ld.so.conf.d/gauss-libpq.conf
+          sudo sed -i '1s|^|/tmp/lib\n|' /etc/ld.so.conf
+          sudo ldconfig
+          ldconfig -p | grep pq
+
+      - name: Install dependencies
+        run: |
+          source venv/bin/activate
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install ./tools/isort-gaussdb/
+          pip install "./gaussdb[dev,test]"
+          pip install ./gaussdb_pool
+          
+      - name: Wait for openGauss to be ready
+        env:
+          GSQL_PASSWORD: Passwd@123
+        run: |
+          source venv/bin/activate
+          for i in {1..30}; do
+            pg_isready -h localhost -p 5432 -U root && break
+            sleep 10
+          done
+          if ! pg_isready -h localhost -p 5432 -U root; then
+            echo "openGauss is not ready"
+            exit 1
+          fi
+
+      - name: Verify SSL configuration
+        run: |
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"SHOW ssl;\"'" | grep -q "on" || { echo "ERROR: ssl is not set to 'on'"; exit 1; }
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"SHOW ssl_cert_file;\"'" | grep -q "/var/lib/opengauss/certs/server.crt" || { echo "ERROR: ssl_cert_file is not set to '/var/lib/opengauss/certs/server.crt'"; exit 1; }
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"SHOW ssl_key_file;\"'" | grep -q "/var/lib/opengauss/certs/server.key" || { echo "ERROR: ssl_key_file is not set to '/var/lib/opengauss/certs/server.key'"; exit 1; }
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"SHOW ssl_ca_file;\"'" | grep -q "/var/lib/opengauss/certs/ca.crt" || { echo "ERROR: ssl_ca_file is not set to '/var/lib/opengauss/certs/ca.crt'"; exit 1; }
+          echo "SSL configuration verified successfully"
+
+      - name: Create test database
+        run: |
+          docker exec opengauss-custom bash -c "su - omm -c 'gsql -d postgres -c \"CREATE DATABASE test ;\"'"
+
+      - name: Create report directory
+        run: |
+          mkdir -p reports
+
+      - name: Run tests
+        env:
+          PYTHONPATH: ./gaussdb:./gaussdb_pool
+          GAUSSDB_IMPL: python
+          GAUSSDB_TEST_DSN: "host=127.0.0.1 port=5432 dbname=test user=root password=Passwd@123 sslmode=verify-ca sslrootcert=${{ github.workspace }}/certs/ca.crt sslcert=${{ github.workspace }}/certs/client.crt sslkey=${{ github.workspace }}/certs/client.key"
+        run: |
+          export PGSSLDEBUG=1
+          source venv/bin/activate
+          pytest -s -v
+
+      - name: Cleanup
+        if: always()
+        run: |
+          docker stop opengauss-custom
+          docker rm opengauss-custom
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index bf05bedd6..cf01d0aa8 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -1,4 +1,4 @@
-name: Tests
+name: Tests without SSL
 
 on:
   push:
diff --git a/README.rst b/README.rst
index 308c622cc..18eca53bc 100644
--- a/README.rst
+++ b/README.rst
@@ -48,12 +48,19 @@ EulerOS x86_64 systems, you can obtain it by running::
 Installation from PyPI:
 
     python3 -m venv test_env
+
     source test_env/bin/activate
+
     pip install --upgrade pip
+
     pip install isort-gaussdb
+
     pip install gaussdb
+
     pip install gaussdb-pool
-    python -c "import gaussdb; print(gaussdb.__version__)"  # Outputs: 1.0.0.dev2
+
+    python -c "import gaussdb; print(gaussdb.__version__)"
+    # Outputs: 1.0.0.dev2
 
     # Run demo
     python ./example/demo.py
@@ -128,6 +135,11 @@ Now hack away! You can run the tests using on GaussDB::
     # Replace db_username, your_password, db_address with actual values
     export GAUSSDB_TEST_DSN="dbname=test user=db_username password=your_password host=db_address port=8000"
 
+    # If SSL connections are enabled, please set sslmode to require or verify-ca.
+    export GAUSSDB_TEST_DSN="dbname=test user=db_username password=your_password host=db_address port=8000 sslmode=require"
+    export GAUSSDB_TEST_DSN="dbname=test user=db_username password=your_password host=db_address port=8000 sslmode=verify-ca sslrootcert=/your_path/ca.pem" 
+
+
     # Run all tests using pytest, showing verbose output and test durations
     pytest --durations=0 -s -v
 
@@ -174,6 +186,185 @@ Recommended Steps to Run OpenGauss with Python GaussDB Driver Testing (Assuming
     # Run all tests using pytest, showing verbose output and test durations
     pytest --durations=0 -s -v
 
+Steps to Run OpenGauss(SSL) with Python GaussDB Driver Testing (Assuming Docker is Installed)::
+
+    # Create certificate directory
+    mkdir -p /opengauss8889/certs
+    cd /opengauss8889/certs
+
+    # Generate CA certificate
+    openssl genrsa -out ca.key 4096
+    openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
+    -subj "/C=CN/ST=OpenGauss/L=OpenGauss/O=MyOrg/OU=DB/CN=OpenGaussCA" \
+    -out ca.crt
+
+    # Generate server certificate
+    openssl genrsa -out server.key 2048
+    openssl req -new -key server.key \
+    -subj "/C=CN/ST=OpenGauss/L=OpenGauss/O=MyOrg/OU=DB/CN=opengauss.local" \
+    -out server.csr
+
+    # SAN config (replace IP/DNS with the address you will use to connect,
+    # for example 127.0.0.1 or the host IP)
+    cat > san.cnf <<EOF
+    [ req ]
+    default_bits = 2048
+    distinguished_name = req_distinguished_name
+    req_extensions = req_ext
+    [ req_distinguished_name ]
+    [ req_ext ]
+    subjectAltName = @alt_names
+    [ alt_names ]
+    DNS.1 = opengauss.local
+    IP.1 = 127.0.0.1
+    EOF
+
+    # Sign the server certificate with the CA, including SAN
+    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
+    -out server.crt -days 730 -sha256 -extfile san.cnf -extensions req_ext
+
+    # Optional: client certificate (for mutual TLS)
+    openssl genrsa -out client.key 2048
+    openssl req -new -key client.key -subj "/CN=root" -out client.csr
+    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
+    -out client.crt -days 730 -sha256
+
+    # Create configuration directory
+    mkdir -p /opengauss8889/conf
+    cat > /opengauss8889/conf/postgresql.conf <<EOF
+    max_connections = 200			# (change requires restart)
+    session_timeout = 10min			# allowed duration of any unused session, 0s-86400s(1 day), 0 is disabled
+    bulk_write_ring_size = 2GB		# for bulkload, max shared_buffers
+    max_prepared_transactions = 200		# zero disables the feature
+    cstore_buffers = 512MB         #min 16MB
+    enable_incremental_checkpoint = on	# enable incremental checkpoint
+    incremental_checkpoint_timeout = 60s	# range 1s-1h
+    enable_double_write = on		# enable double write
+    wal_keep_segments = 16		# in logfile segments, 16MB each normal, 1GB each in share storage mode; 0 disables
+    enable_slot_log = off
+    synchronous_standby_names = '*'	# standby servers that provide sync rep
+    walsender_max_send_size = 8MB  # Size of walsender max send size
+    hot_standby = on			# "on" allows queries during recovery
+    enable_kill_query = off			# optional: [on, off], default: off
+    logging_collector = on   		# Enable capturing of stderr and csvlog
+    log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
+    log_file_mode = 0600			# creation mode for log files,
+    log_rotation_size = 20MB		# Automatic rotation of logfiles will
+    log_min_duration_statement = 1800000	# -1 is disabled, 0 logs all statements
+    log_connections = off			# log connection requirement from client
+    log_disconnections = off		# log disconnection from client
+    log_duration = off			# log the execution time of each query
+    log_hostname = off			# log hostname
+    log_line_prefix = '%m %u %d %h %p %S '	# special values:
+    log_timezone = 'UCT'
+    enable_alarm = on
+    connection_alarm_rate = 0.9
+    alarm_report_interval = 10
+    alarm_component = '/opt/snas/bin/snas_cm_cmd'
+    use_workload_manager = on		# Enables workload manager in the system.
+    datestyle = 'iso, mdy'
+    timezone = 'UCT'
+    lc_messages = 'en_US.utf8'			# locale for system error message
+    lc_monetary = 'en_US.utf8'			# locale for monetary formatting
+    lc_numeric = 'en_US.utf8'			# locale for number formatting
+    lc_time = 'en_US.utf8'				# locale for time formatting
+    default_text_search_config = 'pg_catalog.english'
+    lockwait_timeout = 1200s		# Max of lockwait_timeout and deadlock_timeout +1s
+    pgxc_node_name = 'gaussdb'			# Coordinator or Datanode name
+    audit_enabled = on
+    job_queue_processes = 10        # Number of concurrent jobs, optional: [0..1000], default: 10.
+    dolphin.nulls_minimal_policy = on # the inverse of the default configuration value ! do not change !
+    password_encryption_type = 0
+    wal_level = logical
+    application_name = ''
+    listen_addresses = '*'
+    max_replication_slots = 10
+    max_wal_senders = 10
+    shared_buffers = 512MB
+    ssl = on
+    ssl_cert_file = '/var/lib/opengauss/certs/server.crt'
+    ssl_key_file = '/var/lib/opengauss/certs/server.key'
+    ssl_ca_file = '/var/lib/opengauss/certs/ca.crt'
+    EOF
+
+    cat > /opengauss8889/conf/postgresql.conf <<EOF
+    local   all             all                                     trust
+    host    all             all             127.0.0.1/32            trust
+    host    all             all             ::1/128                 trust
+    host all all 0.0.0.0/0 md5
+    hostssl all all 0.0.0.0/0 cert
+    host replication gaussdb 0.0.0.0/0 md5
+    EOF
+
+
+    # Pull the latest OpenGauss server image from Docker Hub
+    docker pull opengauss/opengauss-server:latest
+
+    # Run a new OpenGauss container in the background with:
+    # - custom container name "opengauss-custom"
+    # - privileged mode enabled
+    # - root user credentials set via environment variables
+    # - port 5432 exposed
+    docker run --name opengauss-cp --privileged=true -d \
+    -e GS_USERNAME=root \
+    -e GS_USER_PASSWORD=Password@123 \
+    -e GS_PASSWORD=Password@123 \
+    -p 8889:5432 \
+    -v /opengauss8889:/var/lib/opengauss \
+    -v /opengauss8889/certs:/var/lib/opengauss/certs \
+    -v /opengauss8889/conf/postgresql.conf:/var/lib/opengauss/data/postgresql.conf \
+    -v /opengauss8889/conf/pg_hba.conf:/var/lib/opengauss/data/pg_hba.conf \
+    opengauss/opengauss-server:latest
+
+    
+    # Enter the container shell
+    docker exec -it opengauss-cp bash
+
+    # Confirm the data directory (in some images it may be /var/lib/opengauss/data)
+    # Assume the data directory is /var/lib/opengauss/data
+    DATA_DIR=/var/lib/opengauss/data
+    # Find the owner (username) of the data directory
+    OWNER=$(stat -c '%U' "$DATA_DIR" 2>/dev/null || echo omm)
+
+    # Set proper permissions for the key files and change ownership to the data directory owner
+    chown "$OWNER":"$OWNER" /var/lib/opengauss/certs/*
+    chmod 600 /var/lib/opengauss/certs/*
+
+    # Verify the files
+    ls -l /var/lib/opengauss/certs
+
+    # Exit the container
+    exit
+
+    # Restart the container to apply changes
+    docker restart opengauss-cp
+
+    # ReEnter the container
+    docker exec -it opengauss-cp bash
+
+    # Switch to the default OpenGauss database user "omm"
+    su - omm
+
+    # Connect to the OpenGauss database using the gsql client
+    gsql -d postgres -p 5432 -U omm
+
+    -- Create a new database named "test" with Default compatibility with Oracle enabled
+    CREATE DATABASE test;
+
+
+    # Set the Python import path to include your local GaussDB Python project
+    # Replace your_path with actual values
+    export PYTHONPATH=/your_path/gaussdb-python
+
+    # Select the pure-Python implementation of the GaussDB adapter
+    export PSYCOPG_IMPL=python
+
+    # Set the test DSN (Data Source Name) as an environment variable
+    export GAUSSDB_TEST_DSN="dbname=test user=root password=Password@123 host=127.0.0.1 port=8889 sslmode=require" 
+    export GAUSSDB_TEST_DSN="dbname=test user=root password=Password@123 host=127.0.0.1 port=8889 sslmode=verify-ca sslrootcert=/opengauss8889/certs/ca.crt sslcert=/opengauss8889/certs/client.crt sslkey=/opengauss8889/certs/client.key"
+
+    # Run all tests using pytest, showing verbose output and test durations
+    pytest --durations=0 -s -v
 
 The library includes some pre-commit hooks to check that the code is valid
 according to the project coding convention. Please make sure to install them
diff --git a/certs/ca.crt b/certs/ca.crt
new file mode 100644
index 000000000..95a89acab
--- /dev/null
+++ b/certs/ca.crt
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsTCCA5mgAwIBAgIUIvJ46Qu70HQ0WsSDWiTKCXxVJLcwDQYJKoZIhvcNAQEL
+BQAwaDELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCU9wZW5HYXVzczESMBAGA1UEBwwJ
+T3BlbkdhdXNzMQ4wDAYDVQQKDAVNeU9yZzELMAkGA1UECwwCREIxFDASBgNVBAMM
+C09wZW5HYXVzc0NBMB4XDTI1MDgyNDEzMzk0NloXDTM1MDgyMjEzMzk0NlowaDEL
+MAkGA1UEBhMCQ04xEjAQBgNVBAgMCU9wZW5HYXVzczESMBAGA1UEBwwJT3Blbkdh
+dXNzMQ4wDAYDVQQKDAVNeU9yZzELMAkGA1UECwwCREIxFDASBgNVBAMMC09wZW5H
+YXVzc0NBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzV9hUnrCcTcs
+qQhCdbozWd6CarnLrGOnHksx5g/Vbb0+6XpHWDNzNjOCRgR5FP9ogQ5Ne4f48ruE
+kbeLwGf+bMy3p5epVzOamNoI9NE+Yme8HHtuKGnlLDvgFDxWspu8tTsCOebqI6uO
+D5drkLSywgIl6pXRJ0GAqOA8PnD8V//+FAUlnbreDd+um2WApAtRwcjMYVOWUqh5
+Y9w+5f6QcUdYwgZ4O/wIlXVYmeUBv0iny0kYon1hz0gP8yuBqBNk9cUDVJ1P16od
+uGHnXqD8lEbM7Q9dG5g1cEopOUvsiwFzEyGTBbdTKWfZ16/sjLd0uc1zRpsx3cf7
+fVccNR+fq/CawiQGzk5n3htmLSuruOn8qiqrQIj3cpeQ0Mj/YrVE3cTiEO6EnCPd
+yZCP2IRzFlUT2p9BsXTSbiw4Fi770KX53pU+Mr1xJ2RMWXL/MJb3ghosnCEd4bOl
+3U+IypPUDZlVBnXHgonYPhIEYEl+bz/PELxZxSYyfCWjxxFDpLFEQ0JPNML9Nu9R
+RIDBYk0e9GmxPmXQiejJnjoZSNNYoOsCq5xOpedDomiUDmBzJjk9quvyzteLxyHy
+GkyPeE9c0bvHUs5K1JXPlElEqp5MQR05CsdarNL1Pwhkh4nEbH0riPPF/ocVInzo
+8aynFSPQo0jK/wwv63d/MVnx1YCimG0CAwEAAaNTMFEwHQYDVR0OBBYEFCAgNikb
+PSCJ6yh2k5JopkgxjRaFMB8GA1UdIwQYMBaAFCAgNikbPSCJ6yh2k5JopkgxjRaF
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBABqDw+xRZM29YZzo
+6GzPzc1rqWRcZVyCvxH6xpNuqKcAkoEQt+3JzIA65daz2lLwfmVyEomv7If6PBQR
+clQ4c77H8ReMEzRlm+NkTtTzHYegKyUs1POAezKOyKU9S1Lfl3DwjOboXxSwmUM3
+EpZPBFHjIDQ2DA8PtUMlThtUusyCiYzgYJlLqGaxZhG/tc+1y1uE2N1wDQaqAftQ
+CMsxogFlRKMsNXQB1ALxQGtDwUF5gldX10X+YsvBATskeSkR7u3wMlq7n4NTdQ3t
+p0vekdti6d5g6gwuui9uXPj1EfNJhZRzIZxvyL/kM5Z9AtkgzpCu1VVYvLCna34l
+yRJLGsVtgiLppT5sB58OJg/7VZ/oAwnW3KnyubkO0+LiHKNYNj0vimJPT0vWMzIt
+6Rnm9gFEpjdxkqddUTtS39Bw8OXetmocB57WI0hS20SPhl++yQBd9E2+IGn0yKZn
+6w6uFsZNmEt1pANS2+Dw6ZQF8ks1+6tvGT+AMW8inoXeNz6m5vjws75tMPjGMutR
+b02cgN6dWX68KB2QEz1UPp1ilRsYA8foCJq0ucz76ik2GeNlkL/n7w/Z4/1CH5ZH
+p2b17RddlZHgPR1jCPv8iSWpTAb8Mj44SUumSI6M18HHnNyPoOQS8uRCgyGlp243
+Xf6fd812ki7B85kBLJNyYDs7mTZi
+-----END CERTIFICATE-----
diff --git a/certs/ca.key b/certs/ca.key
new file mode 100644
index 000000000..f46143193
--- /dev/null
+++ b/certs/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDNX2FSesJxNyyp
+CEJ1ujNZ3oJqucusY6ceSzHmD9VtvT7pekdYM3M2M4JGBHkU/2iBDk17h/jyu4SR
+t4vAZ/5szLenl6lXM5qY2gj00T5iZ7wce24oaeUsO+AUPFaym7y1OwI55uojq44P
+l2uQtLLCAiXqldEnQYCo4Dw+cPxX//4UBSWdut4N366bZYCkC1HByMxhU5ZSqHlj
+3D7l/pBxR1jCBng7/AiVdViZ5QG/SKfLSRiifWHPSA/zK4GoE2T1xQNUnU/Xqh24
+YedeoPyURsztD10bmDVwSik5S+yLAXMTIZMFt1MpZ9nXr+yMt3S5zXNGmzHdx/t9
+Vxw1H5+r8JrCJAbOTmfeG2YtK6u46fyqKqtAiPdyl5DQyP9itUTdxOIQ7oScI93J
+kI/YhHMWVRPan0GxdNJuLDgWLvvQpfnelT4yvXEnZExZcv8wlveCGiycIR3hs6Xd
+T4jKk9QNmVUGdceCidg+EgRgSX5vP88QvFnFJjJ8JaPHEUOksURDQk80wv0271FE
+gMFiTR70abE+ZdCJ6MmeOhlI01ig6wKrnE6l50OiaJQOYHMmOT2q6/LO14vHIfIa
+TI94T1zRu8dSzkrUlc+USUSqnkxBHTkKx1qs0vU/CGSHicRsfSuI88X+hxUifOjx
+rKcVI9CjSMr/DC/rd38xWfHVgKKYbQIDAQABAoICAAQtC1KQONuKe3fLn8y7BrsU
+evxmklo+ahiDzBwmEd+GxWLqX81oUzbOVB80wHpWOZUrA3vrWnsjdJRt8gNTwGjZ
+izNDzAEZuIWhJIt6pO6yHOR+kgSnJ2GZE65cDiGlm9aBJt0JV/t2GPZlZgRUPrCs
+ahvCBIKGCQxMbibEfC0VGuDkIrN5W3VWwtTAFJ4ntZFGK8aGDfylfL2a4RO8jTCK
+FEDyie4jHgP3L3nTN6mtdYcwEYMquRsFsRiI6u/OLSbEmC1Xrlbvsf9pmWwwKjkH
+Oevo4xDIYIj+/D80NWqCLG/YJlNe1FJENu0obTWGfKYgI/CGMu/6iZ+VbnczqtB2
+Q1w13O1o0OXXmbGg89AgVQ6e4SA074HygdjW5Waiig1pxurYWG7F/68fLDZqeMtC
+AJ+/ViTpj/sBX5FaUrUA7eZoc8qwcFMKbS5kLt11VxBr2Ed1J2X+9ejJEiqQdrUq
+Go7n+Yjl1QZ5E07P193ldt211eNxiJ/8JyN4w5I7fSJ/et0MnFTmFBtGSSrvN42P
+6z33KRbh/gMQ5lgAB6GKQs7nropfZ5o4mcp/2VGCG1+kbtiJqOBVFJzWKfpkEgB0
+W85gv4xI2FxCi2xzAEQxwYdkDtqiCcR23VRorgtHro2gmdJKrbxUeTrm3AvHinKX
+oqiOeLx0ZfSOHHeKaaSVAoIBAQD20lZ5h7hTE54YvYSHaFiGuDzq/KzBxxNDiKxt
+yUVMUptFT91P7BiUHzmOXQ50rO9TjK79WGnTjm9mIm/jmCapX2G8oIBLbiwDyzvv
+/+oHnCaTQMGpFdYNbmXCTiM8yhdfPI9pKXFC4tcVqxgNu9Oxe5IHEZVxzY13qolF
+33P8++vSF9oIUZPiotc+5Nna0lXQS5DWf71rF2IeoqUGg2lTwoNqMtIsP3PAV68H
+0ZhaaA3YfCCw/BsrzijPtv1tg1FJ2kW7i5Pk7aq+IG+b1b6mLNxDP5SIt2KA433j
+8Hrq0EPTdReRknknX4pmrfki4H0ILyPV4bVo5r3mplt1z+5LAoIBAQDVAnX1Wk2M
+sa3WaPNwT090Xi2PCCil7sWGjoLObbk4GKbPbG3uRCgc+CvLnVVSbsvVU/b29UH/
+/ok2x2Zh+Cz+7V/FQHXPmliOwlnW+ZTSpaviE0rOUIR0BLkaFxt7N8EgcfIp2RtZ
+kbe6RKIcH94JqksM9ZDUO3QBUt+HG9gOHhSysTOQVYOefRCMbcLPpVaB4fRBFGR4
+JTfSMUVANJ9jFat2pKw0qZSMpapgASd5KAliSW0BrJq3/E8CWzKGo6ZV+27JdCvo
+C+zAL1+ycqscPBpiyT2KcXrRd0O9GdbiHMa6wnUPP068PnyoHFWFywwmAvrsSeI8
+FY8jpMHptQEnAoIBAGMeCJf5Rq4l/KEWyjfOUW6YYe5D1eRjW3sNUaEs6GVD7xKg
+hdFokF47Q9PFzt5P7DPzFPqsHKNWWan8Pk55dV0i7o7fLWYdMhO786/nZ0XzERKl
+OJ/8It916+thkYkB5uzZ1wV2HQOtMI6FDL3HJbXqV7P6/babwynBFCs5Fs0LJaJS
+7b3VdLvYhPO+1zWmrctd7SYWWiy9USvYSMka0JtQS5HEIt6eBI/DJojPRI1Zp+W9
+wysPsqGewojXhWILEAPGYaZ04MlYH+8F+4vrBAqbjUB8MdvNOQNlV9LHabUOOY6b
+QQG2fmyvU1b0mk3FNLCqrYtgfodH0g7j02q2O40CggEBANFAmpqNvJMTVR/FeCiD
+cR1zCzRwomXnu1mlFDEwLv1BklVAQnoHsJRM49Eh3VieiVUnJ/yREOYnqaoLlrN1
+dtZ0YFnJKjLogEi1+kWqZx3MLJ9prlohVQ0YOrK7sn6IVgvGhEvCARErih7NH6eb
+UqeSCCpR7pXfVeWbAQWcP9IWkOS+GVaX+zWtzJz3kqIj3Wi4jReFrfEtNrohNtON
+HmrbNdbWjGkrkkfc0xN+7sUhpJ5OXWyAoHlPvlolNux3RYc/+iSjICLT3B8sKsmF
+xjx1esJCyVcAhdPSYtQY1zTHah67uv1ghrt8cz8+nnFR97w7vz5yknHOCBDO4MPy
+0Y8CggEAOvipmiKf0u0oZ3fU8Xo3ZCiVg8SJkI94e5LwA/9YKoma3t0J/9lbKnSN
+kH9RYlfcz4hrDRxO2eMRdnH6UN32L8qQetHT9Anp5sAJlGzqLTnLzdZ+g3cauX5n
+EVNmYhR0D2mw164yYCkAEQKvJ4M7xToZno+jrIdwWHW+nnym6zE93dKUmTfHmig/
+VGKiGI5dQFV0YyKO8UzY6J0bgHFkJ3VXf8IpLHlK3kh+iz5EB4IchyWFOQE47SAg
+PR5lyIUby6VVluEesZewCqDhggGPsRuWoXydf3M7oZb1fXhpGwG8+ilQYH++IIZN
+aaPHWXC0bD6QC4X9ff8/6h+allDoIw==
+-----END PRIVATE KEY-----
diff --git a/certs/ca.srl b/certs/ca.srl
new file mode 100644
index 000000000..0d5a1583c
--- /dev/null
+++ b/certs/ca.srl
@@ -0,0 +1 @@
+60C663A6545310081D23AF7A482439DFC9FCCD78
diff --git a/certs/client.crt b/certs/client.crt
new file mode 100644
index 000000000..8d0abc150
--- /dev/null
+++ b/certs/client.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/jCCAeYCFGDGY6ZUUxAIHSOvekgkOd/J/M14MA0GCSqGSIb3DQEBCwUAMGgx
+CzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlPcGVuR2F1c3MxEjAQBgNVBAcMCU9wZW5H
+YXVzczEOMAwGA1UECgwFTXlPcmcxCzAJBgNVBAsMAkRCMRQwEgYDVQQDDAtPcGVu
+R2F1c3NDQTAeFw0yNTA5MDExNDU2MDlaFw0yNzA5MDExNDU2MDlaMA8xDTALBgNV
+BAMMBHJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Qpajae9X
+BysLEaUeVIKJMdCPYHHrfi7MKjWC28yU7WDq41xEy7vxXwNk+X0tQvpdmn86Gbwt
+8mLdn4iTTjdRT2fZ5mcAxHKK/ShcEQy7cPvydgjD57ABJ/dCv4lR8whFdA1WNFyx
+X9me+aDAa/0W88A0k1qfSp7tko3jcv7kTfT3jwm2Kp9BkXM7Ielc7tHE1+cpOFCZ
+VArBM+gRlqxNq1TE2Ff08TdAQsWeL35xfZJBekGQ0MticSXwQ7quf8yPBCW1IY4D
+cBfaiGhHIy7SzolCF5c7O3ttTztaPgoBekHnHr7eIpKjDCBt48TdAI/xnbCHeRcf
+DNLieuUJBJStAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAHpoP+UYEzQVJPYNt73b
+vBPKBh7JbF9zSZVlRVeHVwfMZGon3Y0LcXwcOliWns43kPBPKuqUfMEREgZg9IxJ
+RT9FMYOINXQTUYnhdFjYkN/FQ5Sedf2FnhD/BxjBI2QoMsCSCsISxSY+0G1f9y/C
+vubxQ0vdlxkQAD93D82udfsoEMHm70NxRGhhy0NHKlhX0MWnwagwg4DpICTZYhnQ
+cYJgZhXJchJgIZM2aPp6dHQ17KJKG+KkWJHaaUrFgJ2TMyVsV53NZCqvrz1NvKRI
+kA51YOKLUl75Nl6yOOC5kSJL1E0l7Eg44tc9G7fyAGEAtKvb7iCfVyXrb9tUoBgV
+tEn82iaY7WDA3BndoEu3XMp3E2sB/IooBJJp+1U9xFZgcjA/Bn9A3zvzINaivH+J
+fag40v4TQiAbA7dqsTc9a9ks7QMKyUKcw7KyiDgI54rLKCSaDw5q4XY4Fbu6zkbP
+0f7+SyPJCV4tWB6iCWCgqsm5Dc1iGqO5Pc9m2KjctFhxrlIxhDN2J+SLA7GQpaPb
+gdmv6a3bcbvGzphVX/0qt2bXgAtSdcxo7D5bAcCbGvEGQv/IPrUikG7ZwNa6VjQj
+P3+MvvSQMIMpQWZ9t5PU7g9q1SsVGq1n+e6hfC5NBmmX6CTP61/EPShv92T5gFYi
+oGPJQQUQF95q1Nna8Eyc7+L6
+-----END CERTIFICATE-----
diff --git a/certs/client.csr b/certs/client.csr
new file mode 100644
index 000000000..266b95b45
--- /dev/null
+++ b/certs/client.csr
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVDCCATwCAQAwDzENMAsGA1UEAwwEcm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAL1ClqNp71cHKwsRpR5Ugokx0I9gcet+LswqNYLbzJTtYOrj
+XETLu/FfA2T5fS1C+l2afzoZvC3yYt2fiJNON1FPZ9nmZwDEcor9KFwRDLtw+/J2
+CMPnsAEn90K/iVHzCEV0DVY0XLFf2Z75oMBr/RbzwDSTWp9Knu2SjeNy/uRN9PeP
+CbYqn0GRczsh6Vzu0cTX5yk4UJlUCsEz6BGWrE2rVMTYV/TxN0BCxZ4vfnF9kkF6
+QZDQy2JxJfBDuq5/zI8EJbUhjgNwF9qIaEcjLtLOiUIXlzs7e21PO1o+CgF6Qece
+vt4ikqMMIG3jxN0Aj/GdsId5Fx8M0uJ65QkElK0CAwEAAaAAMA0GCSqGSIb3DQEB
+CwUAA4IBAQANzepMyPE6e3N0jm2ajhVZS6cRqHRekcHOAFZL48MpqsInflJsnx/E
+G8fUpSiax3+3SfgLsI4bsHrb0GG93X/8NreG1qiC/8MsnHfZ5lcOlIooQnwiSKg/
+qR7CG2rs6lasZygRqGfIIEZXa39x9i1Pu4DWywt0u1GGEaD04VMHwx3ptENUzPKN
+OOxkMhQNq7FZIJGeF+UR7mzgQxt4Q354O++4Wy785pYDDpDku5k5cbkCAD2iYa/e
+Bgear2jOyyUQ6zDyHZNicm6oj3Jy053GGToFLltlBCpv/DBbe26l/sdCxRlB7JIZ
+S+wIZYZkmrmle004LDBjzNJpZBV9c0yX
+-----END CERTIFICATE REQUEST-----
diff --git a/certs/client.key b/certs/client.key
new file mode 100644
index 000000000..f81037449
--- /dev/null
+++ b/certs/client.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC9Qpajae9XBysL
+EaUeVIKJMdCPYHHrfi7MKjWC28yU7WDq41xEy7vxXwNk+X0tQvpdmn86Gbwt8mLd
+n4iTTjdRT2fZ5mcAxHKK/ShcEQy7cPvydgjD57ABJ/dCv4lR8whFdA1WNFyxX9me
++aDAa/0W88A0k1qfSp7tko3jcv7kTfT3jwm2Kp9BkXM7Ielc7tHE1+cpOFCZVArB
+M+gRlqxNq1TE2Ff08TdAQsWeL35xfZJBekGQ0MticSXwQ7quf8yPBCW1IY4DcBfa
+iGhHIy7SzolCF5c7O3ttTztaPgoBekHnHr7eIpKjDCBt48TdAI/xnbCHeRcfDNLi
+euUJBJStAgMBAAECggEAD9RF7R0AcPL0h/8jJEpFMLGt6TqpId0dOjjoM4MBYA4K
+kRq7A4tWs3VoP0XD+8kiT481x5I8yaBVjIZkpzgKKw7NIiMXHQVRNIwVQr4E++29
+5NA3ziAj+bTHWsR8+RGum2soF7xWvwRumyadv0+eN2aOU4IPjksbcnCo1WEvgxYC
+kkohBye3I57ha/rgNw/GxuvUMOfjYpnwwxaH5f01BNCcGh8ml0fbyA5kGWo4gtdD
+KMBD+juhfbxYLiPObIQjIeA1dtFTiCJ4zlWrcEzConef7bysadPrAYCllXc6Wu4a
+xwQMb0RBIs8TIIbFNE1czdvMLTVVig5mMrrrLInxsQKBgQDkqQjJseGcqAMCLtXJ
+utqd/u0+q+8Xu1yHOGSQUNfuqD0ylMPzhYpbJZOXhcxVtLZdLtWu0xCTf8h5wnpf
+hw3VW039BZUZ76phN0vrAxkbgqSgX7cNOaharMH3EqtlRwz9aEgRbz4M/QXt5o4o
+sBQslmhD0nMSm2M4f0zZ0IBaywKBgQDT45IdFZ/Vq6U/KL3ipAJ+T6o/ht9IsUGF
+ylphkU3zSt986j7UGYn2cwJOTIZwjLb8R7m2Loss7IlihQe56rwl38y7caUA3j/Y
+2XvshBufpd5y4KrqeR8Ti+LPDCChw09r/F8UJs/UN5svntjMatONXSxcx+I1HWoy
+xsNIdZ2HZwKBgAwihFrf289Kg05cWfAowG1eGA0ZZsjlopVygrO99petygGjL3r+
+/Ua1Cc4ixaNOwdbUI3bxsJGDWIpNrdzf9/X4sHzbDPyhYXNjUd4Y/f4dwsrYCYjk
+JHEbdfe8v+fSC3hvTlPOiYZ67xOfBrBWF9v9526h/oVgRbW728I7dHRdAoGAMQRv
+U80h2bNImhDZxKl+biwNzX5s/wsKhmHmgLW1m7fRdbtW54g0809t1CE95KGY30nU
+e4HO7oiVy7XMsMTN29EnMqG6szW2/Xpqga+aGFet21OAFpgIiWQOByneDq35HJkY
+gbfs0kI+40hTDQ8Ve5l3Xsta2EDCxZZXrNaQp7cCgYADVeQ/uBun1plel0/8vS4h
+FY2gAeKAH7XsNdi/CenZvUYY+Rv8CRKKLhdQwRMh/FhNWv43RExPZp3hEEVAwKZa
+VjeCAZLO1tS+4oIGroNYW8t4TpVwS+tA6qcxa1AsRUi2Mz+TUaOuNgYZ5YfvNC+/
+Yp/rFriPY1So4RS6Vp5pLg==
+-----END PRIVATE KEY-----
diff --git a/certs/readme.txt b/certs/readme.txt
new file mode 100644
index 000000000..3a5ccbc96
--- /dev/null
+++ b/certs/readme.txt
@@ -0,0 +1,37 @@
+# Generate CA
+openssl genrsa -out ca.key 4096
+openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
+-subj "/C=CN/ST=OpenGauss/L=OpenGauss/O=MyOrg/OU=DB/CN=OpenGaussCA" \
+-out ca.crt
+
+# Generate server key / csr
+openssl genrsa -out server.key 2048
+openssl req -new -key server.key \
+-subj "/C=CN/ST=OpenGauss/L=OpenGauss/O=MyOrg/OU=DB/CN=opengauss.local" \
+-out server.csr
+
+# SAN config (replace IP/DNS with the address you will use to access,
+# e.g. 127.0.0.1 or host IP)
+cat > san.cnf <<EOF
+[ req ]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+[ req_distinguished_name ]
+[ req_ext ]
+subjectAltName = @alt_names
+[ alt_names ]
+DNS.1 = opengauss.local
+IP.1 = 127.0.0.1
+EOF
+
+# Sign server certificate with CA, include SAN
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
+-out server.crt -days 730 -sha256 -extfile san.cnf -extensions req_ext
+
+# Optional: client certificate (mutual TLS)
+openssl genrsa -out client.key 2048
+openssl req -new -key client.key -subj "/CN=root" -out client.csr
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
+-out client.crt -days 730 -sha256
+
diff --git a/certs/san.cnf b/certs/san.cnf
new file mode 100644
index 000000000..5d43f7c41
--- /dev/null
+++ b/certs/san.cnf
@@ -0,0 +1,10 @@
+[ req ]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+[ req_distinguished_name ]
+[ req_ext ]
+subjectAltName = @alt_names
+[ alt_names ]
+DNS.1 = opengauss.local
+IP.1 = 127.0.0.1
diff --git a/certs/server.crt b/certs/server.crt
new file mode 100644
index 000000000..b92fdd4f4
--- /dev/null
+++ b/certs/server.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIExjCCAq6gAwIBAgIUYMZjplRTEAgdI696SCQ538n8zXYwDQYJKoZIhvcNAQEL
+BQAwaDELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCU9wZW5HYXVzczESMBAGA1UEBwwJ
+T3BlbkdhdXNzMQ4wDAYDVQQKDAVNeU9yZzELMAkGA1UECwwCREIxFDASBgNVBAMM
+C09wZW5HYXVzc0NBMB4XDTI1MDgyNDEzNDIyNFoXDTI3MDgyNDEzNDIyNFowbDEL
+MAkGA1UEBhMCQ04xEjAQBgNVBAgMCU9wZW5HYXVzczESMBAGA1UEBwwJT3Blbkdh
+dXNzMQ4wDAYDVQQKDAVNeU9yZzELMAkGA1UECwwCREIxGDAWBgNVBAMMD29wZW5n
+YXVzcy5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPCRm08e
+M3YBY9SHnBHPcxMhPkzqFt3geP4uPd4fF6SF2YasH8aEGsWMslmX4PlxI7k7+lst
+JG8E1zsDChTlhN79wTZqHwTVvWkozFzHl1HUZcELrChZnp/Za7+5sgDhz1nnFDS6
+Fv4JwbkvH+oTCoQc5tGINb9HgocZYAYyfMX/SU4U1esKoOe3OO00wCfCazcVY5Wk
+qpvf6xCMAIPIhrfY/PeP6+PqoHwat3jfGD7J6KMD85mhPYJwqkbDtercKTP3/s69
+q5vF/riQ4feDyHngfBzkgEmt2Mcxu7vbrW6ZqWlgHtT7Qw9N2m3sOxE/6FnNY6Qc
+56CJA7W+Nqowot0CAwEAAaNkMGIwIAYDVR0RBBkwF4IPb3BlbmdhdXNzLmxvY2Fs
+hwR/AAABMB0GA1UdDgQWBBTWi6pdIArIIqQIlQxhcQ2f0kwZaTAfBgNVHSMEGDAW
+gBQgIDYpGz0giesodpOSaKZIMY0WhTANBgkqhkiG9w0BAQsFAAOCAgEAuumoJDTh
+HW5vaUqRQUKZozPZgT8hqiOsqhPGEnb9WR3VvrPuHUJoaFHL9aeMrB6A+UOrPtmx
+BaRFKF5e+VOcWD/LDFNvkIypdxpG3QZqCdn2Ieve9QT//WhoPzcy0x/TcNV1IeEa
+6CYBD2ieGqQToFqocrTF60pZoOWa7zQF8/uVNysgs2TArf4+dNXkeIKprJsYjr9g
+IDf/VHgwk8e98mGMBe8QcawMfLc5lNYsQrUwdkKffcPbH7eVOuvurSpd64P6YkV1
+0X1jtl5srMPoQvc4FGEEGZtHKJSUMqlAPkTCPc08slsSMtyRRHwayZtawfd8Xz5G
+NZNS+exSXoopnpnEXJfO9Zp3PuIcGZpkKvzAYsBYajp98kZHc3lBAwRwJWgTAq0p
+ul1x/e1TZnWMPQE9IIoCOYQBjtRvMMlXOrAfomNk52UULWY9onjGlcm5hCFhHprV
+soC7te4M2Y+pJ72m1XVgWlThu9gvDiToBrtEM02MM9KvOH326hQQsrqOV/T9/e3o
+UI2Dw4n1h0Heli2aBIOFbMi7ePWIQOpFwe+M2nIsc5GhzeA+l/Ov6NGzKUQk7XQ2
+Jt3ZagT4Lg4fFuB805gjxCli7yJFJNw4OUD2TFjwB3vLApNB4R+jQLE9zYQUfsU/
+f1ZQ6ijLVwm8r+U9YM3bolzGbNYFSa8YWMw=
+-----END CERTIFICATE-----
diff --git a/certs/server.csr b/certs/server.csr
new file mode 100644
index 000000000..eb4f1774f
--- /dev/null
+++ b/certs/server.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICsTCCAZkCAQAwbDELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCU9wZW5HYXVzczES
+MBAGA1UEBwwJT3BlbkdhdXNzMQ4wDAYDVQQKDAVNeU9yZzELMAkGA1UECwwCREIx
+GDAWBgNVBAMMD29wZW5nYXVzcy5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAPCRm08eM3YBY9SHnBHPcxMhPkzqFt3geP4uPd4fF6SF2YasH8aE
+GsWMslmX4PlxI7k7+lstJG8E1zsDChTlhN79wTZqHwTVvWkozFzHl1HUZcELrChZ
+np/Za7+5sgDhz1nnFDS6Fv4JwbkvH+oTCoQc5tGINb9HgocZYAYyfMX/SU4U1esK
+oOe3OO00wCfCazcVY5Wkqpvf6xCMAIPIhrfY/PeP6+PqoHwat3jfGD7J6KMD85mh
+PYJwqkbDtercKTP3/s69q5vF/riQ4feDyHngfBzkgEmt2Mcxu7vbrW6ZqWlgHtT7
+Qw9N2m3sOxE/6FnNY6Qc56CJA7W+Nqowot0CAwEAAaAAMA0GCSqGSIb3DQEBCwUA
+A4IBAQBlgLzxDmOQeLBP0AzPp6IV15uS61EJH9w77HyT5lI0ZHyZ1eNXyorXQADY
+obRf21TZjcptNt5OWAvenQgvtNJzU+hxqTADPGinWTu16mPhHTc1i+2/Xj5PHNbK
+uxYkyl6HWSbUFozymwoxEBGDVxptx8RtKRZ+/C/L4SKOB3ztQ0pWtrBS/KahGBae
+PwV8+dZpYJvfyppv2uFju6z3O1AFIgVv3QTEyDekQcq+zg9kE5QV+mULLE83ZxPq
+I54nZcYpfjlUcQKjKg8+wbPuxC/FWRrVexO3VLc9jRr245zfAPvN6CrWsU0pAX79
+bJkZNUgEkGQ4aU7fT6bTKLF/CIzL
+-----END CERTIFICATE REQUEST-----
diff --git a/certs/server.key b/certs/server.key
new file mode 100644
index 000000000..b0e9405f9
--- /dev/null
+++ b/certs/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDwkZtPHjN2AWPU
+h5wRz3MTIT5M6hbd4Hj+Lj3eHxekhdmGrB/GhBrFjLJZl+D5cSO5O/pbLSRvBNc7
+AwoU5YTe/cE2ah8E1b1pKMxcx5dR1GXBC6woWZ6f2Wu/ubIA4c9Z5xQ0uhb+CcG5
+Lx/qEwqEHObRiDW/R4KHGWAGMnzF/0lOFNXrCqDntzjtNMAnwms3FWOVpKqb3+sQ
+jACDyIa32Pz3j+vj6qB8Grd43xg+yeijA/OZoT2CcKpGw7Xq3Ckz9/7Ovaubxf64
+kOH3g8h54Hwc5IBJrdjHMbu7261umalpYB7U+0MPTdpt7DsRP+hZzWOkHOegiQO1
+vjaqMKLdAgMBAAECggEAbQxb3fffNOk5YxAbv3kNfUju8DeWqPoFbpbwhX0LnxDr
+g2AHwVmFtzHpcLJnkTrniiJ1gJoMb2S+2amtir5lxh051ZwyNmNbCk2roYz5+2Zv
+v5u2bM3/GQ+aB5054qt5bhPQ9Xu7S2mJzpNdgKIj/LILMUTwtCXKtcnbXMPLCoam
+lOlVOV1fbvR+haJl/KgifrJ+xyauHSGwmQwqX2QvT4KaiIHOhrL+LA23/Fc+dRgX
+FemCyIwXIT6/TOTskieN8zKzP77Vkxjwr22DY+/RmMWoOHL/TkR4t+Fz7Qlkm5wl
+rHWImxj1IbF0vXju4NJvMufN+pgzO+2pKONwa8CpowKBgQD/TVpmnho6xqtpxVOI
+AXsXONy14VXGzw0RYf9dOd8Pnq3egJFSH7GBuhJgS2BeHyzs4KmG77plWecSrylZ
+hxK/U0MpVUdNKUIjdBYY2gEnJiBdbpXW0CJMM95RhXhbTf83VQH+T90aPHySUA/P
+swISIkYWGj5GpZZCE39/7cL62wKBgQDxOfGkAt0LzbDsFC1Hg4e+7V7I4L1WDycw
+0GwCSTI8rfpZReK4CyOz7IV5B8z92CdF7cDxhFOs+mw6ZyZkpzU2Iff2qQ0NsvJm
+21ih3jN6wU4T7yNXI1SWeDA12n+WuuYsJzQT/lifNjJFROwG1xfJZDAb9IZrNPYQ
+j0b/KcpapwKBgAHYs2CuoA3wxeib7sC7EgLW/HGsUYyAjt2jUc+AzaY1RZioYWSw
+qf4ANIXRxb6ohxCnh1JchYKaJduyvJ/TJEWR+phf74YVWE8dVdOUMBHyaqWCWT8W
+fkkCzwbT6kzuwXvK95q5RSYdbeE5BwQ/jTJIYS1jvzOPmwibT37DX3elAoGBAJ9Q
+iIGsjnakM2vHa5wmhzmWpZn/q6wxt81qaVsdInum34ekOzcXzE2hMQmdGEqyPkXV
+3y7jGSxN+7qas2WYdPE6f/y8620XuTYrOZ82FEPHdRx/PJTpNY1m9Vgr5UYUS73v
+alqmCbuk3JCZE1T1K7WLYKal2TzmrniDV/1fiVBTAoGAX9ClHcHzy5+ofmIIuj2x
+z693lTf4+F0ZgjjFnaXhPOWIQe7HmhWUFyg5CJf/AurUFoeqciu9rRZfw7NxnIES
+z1kWH5KzMZX9VTd7giJnErLow6Y7lLe3HHagxKY8qVBhEa070EmEmr711e/dJD/m
+LQ7Sgj4mbx6HwKLNc8FSAXY=
+-----END PRIVATE KEY-----
diff --git a/tests/conftest.py b/tests/conftest.py
index c33e0e1ad..ba51b2728 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -165,3 +165,11 @@ def pytest_collection_modifyitems(config, items):
                 else "Marked as opengauss_skip"
             )
             item.add_marker(pytest.mark.skip(reason=reason))
+
+
+@pytest.fixture(autouse=True)
+def skip_if_ssl(request):
+    dsn = os.environ.get("GAUSSDB_TEST_DSN", "")
+    if "sslmode=require" in dsn or "sslmode=verify-ca" in dsn:
+        if ("timing" in request.node.keywords) or ("slow" in request.node.keywords):
+            pytest.skip("Skip timing-sensitive pool tests under SSL mode")
diff --git a/tests/fix_proxy.py b/tests/fix_proxy.py
index e1cefb478..f9d9e770f 100644
--- a/tests/fix_proxy.py
+++ b/tests/fix_proxy.py
@@ -61,7 +61,8 @@ def __init__(self, server_dsn):
         # Make a connection string to the proxy
         cdict["host"] = self.client_host
         cdict["port"] = self.client_port
-        cdict["sslmode"] = "disable"  # not supported by the proxy
+        if "sslmode" not in cdict:
+            cdict["sslmode"] = "disable"
         self.client_dsn = conninfo.make_conninfo("", **cdict)
 
         # The running proxy process
diff --git a/tests/pq/test_pgconn.py b/tests/pq/test_pgconn.py
index 52c7c9eb2..ed6f44e09 100644
--- a/tests/pq/test_pgconn.py
+++ b/tests/pq/test_pgconn.py
@@ -301,6 +301,12 @@ def test_used_password(pgconn, dsn, monkeypatch):
         "PGPASSWORD" in os.environ
         or [i for i in info if i.keyword == b"password"][0].val is not None
     )
+
+    kv = {i.keyword.decode(): (i.val.decode() if i.val else None) for i in info}
+    sslmode = (kv.get("sslmode") or "").lower()
+    if sslmode in ("require", "verify-ca", "verify-full"):
+        pytest.skip(f"Skipping password usage check under sslmode={sslmode}")
+
     if has_password:
         assert pgconn.used_password
 
diff --git a/tests/test_sslmode.py b/tests/test_sslmode.py
new file mode 100644
index 000000000..df7dafc5d
--- /dev/null
+++ b/tests/test_sslmode.py
@@ -0,0 +1,88 @@
+import os
+
+import pytest
+
+from gaussdb import connect
+
+SCHEMA = "test_schema"
+TABLE = "test01"
+
+
+@pytest.fixture(params=["require", "verify-ca"])
+def dsn(request):
+    """Retrieve DSN from environment variable based on SSL mode."""
+    dsn = os.environ.get("GAUSSDB_TEST_DSN")
+    if not dsn:
+        raise ValueError("GAUSSDB_TEST_DSN environment variable not set")
+
+    if f"sslmode={request.param}" not in dsn:
+        pytest.skip(f"DSN does not match sslmode={request.param}")
+    return dsn
+
+
+@pytest.fixture
+def db_conn(dsn):
+    """Set up database connection."""
+    conn = connect(dsn, connect_timeout=10, application_name="test01")
+    yield conn
+    conn.close()
+
+
+@pytest.fixture
+def setup_env(db_conn):
+    """Ensure clean environment for each test."""
+    cur = db_conn.cursor()
+    try:
+        cur.execute(f"DROP SCHEMA IF EXISTS {SCHEMA} CASCADE;")
+    except Exception:
+        pass
+    db_conn.commit()
+
+    cur.execute(f"CREATE SCHEMA {SCHEMA};")
+    cur.execute(f"SET search_path TO {SCHEMA};")
+    cur.execute(f"CREATE TABLE {TABLE} (id int, name varchar(255));")
+    db_conn.commit()
+    yield db_conn
+    try:
+        cur.execute(f"DROP SCHEMA IF EXISTS {SCHEMA} CASCADE;")
+    except Exception:
+        pass
+    db_conn.commit()
+
+
+def test_connection_info(setup_env):
+    """Test database connection and server information."""
+    cur = setup_env.cursor()
+    server_version = cur.execute("SELECT version()").fetchall()[0][0]
+    assert server_version is not None, "Server version should be available"
+    assert setup_env.info.vendor is not None, "Vendor should be available"
+    assert (
+        setup_env.info.server_version is not None
+    ), "Server version info should be available"
+
+
+def test_table_operations(setup_env):
+    """Test table creation, insertion, update, and selection."""
+    cur = setup_env.cursor()
+    insert_data_sql = f"INSERT INTO {SCHEMA}.{TABLE} (id, name) VALUES (%s, %s)"
+    update_data_sql = f"UPDATE {SCHEMA}.{TABLE} SET name='hello gaussdb' WHERE id = 1"
+    select_sql = f"SELECT * FROM {SCHEMA}.{TABLE}"
+
+    cur.execute(insert_data_sql, (100, "abc'def"))
+    cur.execute(insert_data_sql, (200, "test01"))
+    setup_env.commit()
+
+    cur.execute(select_sql)
+    results = cur.fetchall()
+    assert len(results) == 2, "Should have 2 rows"
+    assert (100, "abc'def") in results, "First inserted row missing"
+    assert (200, "test01") in results, "Second inserted row missing"
+
+    cur.execute(update_data_sql)
+    setup_env.commit()
+    cur.execute(select_sql)
+    updated_results = cur.fetchall()
+    assert len(updated_results) == 2, "Should still have 2 rows after update"
+    assert (1, "hello gaussdb") not in updated_results, "Update should not affect id=1"
+    assert (100, "abc'def") in updated_results, "First row should remain unchanged"
+    assert (200, "test01") in updated_results, "Second row should remain unchanged"