Question

Cannot connect with dev database due to SSL issue

Posted February 13, 2021 1.1k views
Node.jsPostgreSQLDigitalOcean App Platform

I’m using DigitalOcean App Platform to host a small node.js app. For the time being, I decided to go with the dev database that happens to be PostgreSQL. I understand it’s not meant to be used in production, but does that mean the app cannot connect to it remotely?

I’m using the pg package to create the database client.

const db_config = {
  user: process.env.PGUSER,
  password: process.env.PGPASSWORD,
  host: process.env.PGHOST,
  database: process.env.PGDATABASE,
  port: process.env.PGPORT,
  ssl: true
}

const client = new Client(db_config);
client.connect();

However, when that code executes, it returns the following:

(node:1) UnhandledPromiseRejectionWarning: Error: self signed certificate in certificate chain
     at TLSSocket.onConnectSecure (_tls_wrap.js:1502:34)
     at TLSSocket.emit (events.js:314:20)
     at TLSSocket._finishInit (_tls_wrap.js:937:8)
     at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:711:12)
(node:1) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:1) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

I’m not sure how to get around that. I’m specifying the SSL option in the config. Can anyone help?

1 comment
  • Hey, after looking at your solution, I am a bit confused where you found the CA Cert for the dev database. I am unable to locate it anywhere in my dev dashboard. I found all of the connection settings but that is it.

    Also I am pretty sure that what really fixed your issue was the line

    rejectUnauthorized: false
    

    Should that not be set to true if you want to only authorize valid connections with the cert? I can put that without a CACERT and it works fine for me. As far as I’m aware that setting seems to work just like the Environment Variable

    NODE_TLS_REJECT_UNAUTHORIZED = 0
    

    Which actually throws a warning message in the node console about avoiding security protocols.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

So I ended up figuring out how to solve this. Later after I submitted this ticket. I didn’t realize up until then that the dev database provides an CA cert. So once I did, all I had to do was to add one extra option in the config object, as such:

const client = new Client({
  user: process.env.PGUSER,
  password: process.env.PGPASSWORD,
  host: process.env.PGHOST,
  database: process.env.PGDATABASE,
  port: process.env.PGPORT,
  ssl: {
    rejectUnauthorized: false,
    ca: process.env.CACERT,
  }
});

With that, I was finally able to connect to the PostgreSQL dev database.