Getting "Error: self-signed certificate in certificate chain" #4181

oliwerhelsen · 2023-05-25T19:20:33Z

oliwerhelsen
May 25, 2023

Hi Guys,

I guess that I need to add my Certificate, but where? Is it under Database_extra? If yes, how is the structure, can't see it in the type.

Thankful for the support 🙏

Best regards!

SGFGOV · 2023-05-26T00:38:30Z

SGFGOV
May 26, 2023

Which dB provider are you using?

…

On Fri, 26 May, 2023, 00:50 Oliwer Helsén, ***@***.***> wrote: Hi Guys, I guess that I need to add my Certificate, but where? Is it under Database_extra? If yes, how is the structure, can't see it in the type. Thankful for the support 🙏 Best regards! — Reply to this email directly, view it on GitHub <#4181>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AXEQJHC6QMBIJUA6V5ANYVLXH6WJJANCNFSM6AAAAAAYPI3MRA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

-- This message (including any attachments) may contain confidential, proprietary, privileged and/or private information. The information is intended to be for the use of the individual or entity designated above. If you are not the intended recipient of this message, please notify the sender immediately, and delete the message and any attachments. Any disclosure, reproduction, distribution or other use of this message or any attachments by an individual or entity other than the intended recipient is prohibited.

1 reply

oliwerhelsen May 26, 2023
Author

Postgres

Alexnortung · 2023-10-11T11:52:50Z

Alexnortung
Oct 11, 2023

You need to specify database_extra with ssl in your projectConfig.

I had the same issue and solved it with the following part

const projectConfig = {
  // ...
  database_extra:
    process.env.DATABASE_SSL !== 'true'
      ? undefined
      : {
          ssl: {
            rejectUnauthorized: false,
          },
        },
};

Then just set DATABASE_SSL to true in your envirnoment variables

You can also see the docs for general deployment

2 replies

OlivierCoq Jan 15, 2024

I'm getting the same error, but this solution did not work for me. I'm following the Digital Ocean deployment docs line by line, but still running into this.

SamuelMabonga Jan 16, 2024

Same Issue on my end

Saba-Shavidze · 2024-03-26T09:40:36Z

Saba-Shavidze
Mar 26, 2024

Is there any update? I'm getting the same kind of error, while trying to connect rds [email protected] instance, I've downloaded the relevant certificates from aws, trying to apply them on server side:

const database_extra =  process.env.DATABASE_SSL ? {
  ssl: {
    rejectUnauthorized: true,
    ca: process.env.DATABASE_SSL_CA,
  }
}: {}
  database_extra: database_extra,

Getting "Error: self-signed certificate in certificate chain"

Can someone help me?

0 replies

rodrigouz · 2024-04-17T23:21:05Z

rodrigouz
Apr 17, 2024

The error "self-signed certificate in certificate chain" typically occurs when your client (in this case, your application or the tool you're using to connect to the Postgres instance) is rejecting the SSL certificate provided by the Postgres server.

This worked for me:

Get CA Certificate from the database provider in this case Digital Ocean.
Tested using psql to connect to the Postgres instance, you can specify the location of the certificate file using the sslrootcert parameter:

psql "postgresql://username:password@hostname:port/databasename?sslmode=require&sslrootcert=/path/to/certificate.crt"

0 replies

carlosxmerca · 2024-10-02T06:30:12Z

carlosxmerca
Oct 2, 2024

Hi, I also experienced the "self-signed certificate in certificate chain" error when trying to connect to a public RDS postgres instance, RDS forces connections to be encrypted, but it is also necessary to use a certificate that can be downloaded at least in the case of AWS from certificates

database_extra:
  process.env.POSTGRES_SSL === "ssl"
    ? {
        ssl: {
          rejectUnauthorized: true,
          ca: fs.readFileSync(process.env.POSTGRES_CA).toString(),
        },
      }
    : undefined,

The configuration I use is the following, very similar to what @Saba-Shavidze had proposed, where POSTGRES_CA is the relative or absolute path to the .pem file with the certificate, I also keep my URL like this: postgres://<user>:<password>@<host>:<port>/<database> without including the sslmode or ssl queries, the RDS service automatically establishes the encrypted connection when it detects the certificate, for some reason when the query exists the settings sent in database_extra are ignored or overwritten. You can find more information about a similar situation in this issue

Hope it helps 😄

1 reply

demandre Nov 14, 2024

without including the sslmode or ssl queries

This is what i was missing ! Thanks a lot 😁

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Getting "Error: self-signed certificate in certificate chain" #4181

{{title}}

Replies: 5 comments 4 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Getting "Error: self-signed certificate in certificate chain" #4181

Replies: 5 comments · 4 replies

oliwerhelsen May 26, 2023 Author

Replies: 5 comments 4 replies

oliwerhelsen May 26, 2023
Author