diff --git a/internal/outpost/proxyv2/postgresstore/postgresstore.go b/internal/outpost/proxyv2/postgresstore/postgresstore.go
index 893404fe21..767fc87924 100644
--- a/internal/outpost/proxyv2/postgresstore/postgresstore.go
+++ b/internal/outpost/proxyv2/postgresstore/postgresstore.go
@@ -115,8 +115,8 @@ func BuildConnConfig(cfg config.PostgreSQLConfig) (*pgx.ConnConfig, error) {
 			// Set verification mode
 			switch cfg.SSLMode {
 			case "require":
-				// Don't verify the server certificate (just encrypt)
-				tlsConfig.InsecureSkipVerify = true
+				// Verify the server certificate (secure by default)
+				tlsConfig.InsecureSkipVerify = false
 			case "verify-ca":
 				// Verify the certificate is signed by a trusted CA
 				tlsConfig.InsecureSkipVerify = false