Oh, I see this:
We highly recommend that the PostgreSQL instance uses a server certificate generated by a widely recognized Certificate Authority such as VeriSign or GeoTrust. This will ensure that the certificate meets all of the relevant encryption and formatting standards. Some cloud storage providers, such as Google Cloud and Amazon RDS, also generate server certificates for the PostgreSQL instances that they host. Currently, server certificates generated by TinyCA are not supported.
It’s also good practice to sign the server certificate using SHA-2 hashing algorithms. This is because SHA-1 algorithms are no longer considered fully secure, and many cloud providers, including Microsoft, Amazon, and Google, are increasingly moving to SHA-2 and SHA-3.
It’s not clear if this is saying certificates generate by Google Cloud will meet “all of the relevant encryption and formatting standards”, or if I need to use a cert from VeriSign or GeoTrust…?