diff --git a/ingestion/src/metadata/ingestion/source/database/hive/connection.py b/ingestion/src/metadata/ingestion/source/database/hive/connection.py index 9aeafd9a2b1..3d85bb00f39 100644 --- a/ingestion/src/metadata/ingestion/source/database/hive/connection.py +++ b/ingestion/src/metadata/ingestion/source/database/hive/connection.py @@ -44,7 +44,7 @@ def get_connection_url(connection: HiveConnection) -> str: if ( connection.username and connection.auth - and connection.auth in ("LDAP", "CUSTOM") + and connection.auth.value in ("LDAP", "CUSTOM") ): url += quote_plus(connection.username) if not connection.password: @@ -80,7 +80,7 @@ def get_connection(connection: HiveConnection) -> Engine: if connection.auth: if not connection.connectionArguments: connection.connectionArguments = init_empty_connection_arguments() - connection.connectionArguments.__root__["auth"] = connection.auth + connection.connectionArguments.__root__["auth"] = connection.auth.value if connection.kerberosServiceName: if not connection.connectionArguments: diff --git a/ingestion/src/metadata/ingestion/source/database/postgres/connection.py b/ingestion/src/metadata/ingestion/source/database/postgres/connection.py index 78c2fcbee6a..756bb27b439 100644 --- a/ingestion/src/metadata/ingestion/source/database/postgres/connection.py +++ b/ingestion/src/metadata/ingestion/source/database/postgres/connection.py @@ -22,6 +22,7 @@ from metadata.generated.schema.entity.automations.workflow import ( ) from metadata.generated.schema.entity.services.connections.database.postgresConnection import ( PostgresConnection, + SslMode, ) from metadata.ingestion.connections.builders import ( create_generic_db_connection, 
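Review bot: In the second hive hunk (`get_connection`), `connection.connectionArguments.__root__["auth"] = connection.auth.value` replaces any `auth` already present in `connectionArguments`, and the schema hunk in this commit gives `auth` a default of `NONE`. If the generated model applies that default, `if connection.auth:` is true for every config, so a deployment that selected Kerberos or LDAP only through `connectionArguments` would be switched to `NONE` without an error. Keep an existing entry, e.g. guard the assignment with `if "auth" not in connection.connectionArguments.__root__:`, or drop the schema default so an unset field stays unset. The first hunk compares `.value` against string literals while the postgres and redshift hunks compare enum members; using one form throughout would make these checks easier to audit. Both functions continue outside the hunks shown.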
@@ -45,7 +46,11 @@ def get_connection(connection: PostgresConnection) -> Engine: if connection.sslMode: if not connection.connectionArguments: connection.connectionArguments = init_empty_connection_arguments() - connection.connectionArguments.__root__["sslmode"] = connection.sslMode + connection.connectionArguments.__root__["sslmode"] = connection.sslMode.value + if connection.sslMode in (SslMode.verify_ca, SslMode.verify_full): + connection.connectionArguments.__root__[ + "sslrootcert" + ] = connection.sslConfig.__root__.certificatePath return create_generic_db_connection( connection=connection, get_connection_url_fn=get_connection_url_common, diff --git a/ingestion/src/metadata/ingestion/source/database/redshift/connection.py b/ingestion/src/metadata/ingestion/source/database/redshift/connection.py index 5ce13790dc0..1a0fd2aa601 100644 --- a/ingestion/src/metadata/ingestion/source/database/redshift/connection.py +++ b/ingestion/src/metadata/ingestion/source/database/redshift/connection.py @@ -21,6 +21,7 @@ from metadata.generated.schema.entity.automations.workflow import ( ) from metadata.generated.schema.entity.services.connections.database.redshiftConnection import ( RedshiftConnection, + SslMode, ) from metadata.ingestion.connections.builders import ( create_generic_db_connection, @@ -44,7 +45,11 @@ def get_connection(connection: RedshiftConnection) -> Engine: if connection.sslMode: if not connection.connectionArguments: connection.connectionArguments = init_empty_connection_arguments() - connection.connectionArguments.__root__["sslmode"] = connection.sslMode + connection.connectionArguments.__root__["sslmode"] = connection.sslMode.value + if connection.sslMode in (SslMode.verify_ca, SslMode.verify_full): + connection.connectionArguments.__root__[ + "sslrootcert" + ] = connection.sslConfig.__root__.certificatePath return create_generic_db_connection( connection=connection, get_connection_url_fn=get_connection_url_common, 
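Review bot: `connection.sslConfig.__root__.certificatePath` in the postgres `get_connection` hunk is dereferenced without checking that `sslConfig` was supplied, and the schema hunk in this commit adds `sslConfig` as a plain property that is not visibly required. A config with `sslMode` set to `verify-ca` or `verify-full` and no `sslConfig` would fail with an `AttributeError` rather than a message naming the missing CA path. Add a guard before the assignment, e.g. `if not connection.sslConfig: raise ValueError("sslConfig with a CA certificate path is required for verify-ca / verify-full")`. The redshift `get_connection` hunk has the same code and needs the same guard. The `sslConfig` definition in `verifySSLConfig.json` is not shown here, so confirm that every variant it allows carries `certificatePath`.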
diff --git a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/hiveConnection.json b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/hiveConnection.json index d1f470db465..d6599fa794a 100644 --- a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/hiveConnection.json +++ b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/hiveConnection.json @@ -50,8 +50,10 @@ }, "auth": { "title": "Authentication Mode", - "description": "Authentication mode to connect to hive, E.g, LDAP, CUSTOM etc", - "type": "string" + "description": "Authentication mode to connect to hive.", + "type": "string", + "enum": ["NONE", "LDAP", "KERBEROS", "CUSTOM", "NOSASL", "BASIC"], + "default": "NONE" }, "kerberosServiceName": { "title": "Kerberos Service Name", diff --git a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/postgresConnection.json b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/postgresConnection.json index cfc03ef6b47..1f2bfc83a32 100644 --- a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/postgresConnection.json +++ b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/postgresConnection.json @@ -55,8 +55,12 @@ }, "sslMode": { "title": "SSL Mode", - "description": "SSL Mode to connect to postgres database. E.g, prefer, verify-ca etc.", - "type": "string" + "description": "SSL Mode to connect to postgres database.", + "enum": ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"], + "default": "disable" + }, + "sslConfig": { + "$ref": "../../../../security/ssl/verifySSLConfig.json#/definitions/sslConfig" }, "classificationName": { "title": "Classification Name", 
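Review bot: `"default": "disable"` on `sslMode` in the postgres schema hunk makes an unencrypted connection the value every config receives when the field is left out. Before this change an unset `sslMode` was skipped by `if connection.sslMode:` in `get_connection`, leaving the choice to the driver (libpq's own default is `prefer`). Now, assuming the generated model applies the default, `sslmode=disable` is passed explicitly and also replaces an `sslmode` given in `connectionArguments`. Drop the default, or use one that does not turn TLS off, such as `"default": "prefer"`; the redshift schema hunk carries the same default. The `sslMode` property also lost `"type": "string"`, which the hive `auth` enum keeps.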
diff --git a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/redshiftConnection.json b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/redshiftConnection.json index 9e4bd22a989..bbc72aab23a 100644 --- a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/redshiftConnection.json +++ b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/redshiftConnection.json @@ -61,8 +61,12 @@ }, "sslMode": { "title": "SSL Mode", - "description": "SSL Mode to connect to postgres database. E.g, prefer, verify-ca etc.", - "type": "string" + "description": "SSL Mode to connect to redshift database.", + "enum": ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"], + "default": "disable" + }, + "sslConfig": { + "$ref": "../../../../security/ssl/verifySSLConfig.json#/definitions/sslConfig" }, "connectionOptions": { "title": "Connection Options", diff --git a/openmetadata-spec/src/main/resources/json/schema/security/ssl/validateSSLClientConfig.json b/openmetadata-spec/src/main/resources/json/schema/security/ssl/validateSSLClientConfig.json index 2df33f49ff4..79edbc76365 100644 --- a/openmetadata-spec/src/main/resources/json/schema/security/ssl/validateSSLClientConfig.json +++ b/openmetadata-spec/src/main/resources/json/schema/security/ssl/validateSSLClientConfig.json @@ -7,7 +7,7 @@ "javaType": "org.openmetadata.schema.security.ssl.ValidateSSLClientConfig", "properties": { "certificatePath": { - "description": "CA certificate path. E.g., /path/to/public.cert. Will be used if Verify SSL is set to `validate`.", + "description": "CA certificate path. E.g., /path/to/public.cert. Will be used if Verify SSL is set to `validate` or `verify`.", "type": "string" } },