On both Mac and Windows, and for both Postgres 16 and 17, the sslrootcert=system option on connection strings passed to psql is broken:

“C:\Program Files\PostgreSQL\17\bin\psql.exe" "postgresql://user:pass@ep.region.cloud.neon.tech/db?sslrootcert=system"

psql: error: connection to server at "ep.region.cloud.neon.tech" (2600:...), port 5432 failed: SSL error: unregistered scheme

AFAIK this has been true ever since Postgres 16 (which introduced the feature) has been available. It's a great shame, since it blocks wider adoption of this helpful security feature.

I haven't figured out why it's broken, but I do have a list of some installations that are and that aren't: https://gist.github.com/jawj/57bc9d1f350ffd5250942cf24957b3a7

To reproduce the issue, simply install Postgres from an EnterpriseDB installer and point psql at a free Neon database, having swapped sslmode=require for sslrootcert=system on the end of the connection string.