DigitalOcean

Report this

What is the reason for this report?
Question

How can I use Digital Oceans DB CA Cert in App Platform?

Posted on November 14, 2023
DigitalOcean Managed PostgreSQL Database
Deployment
DigitalOcean App Platform
PostgreSQL
Node.js
kanedu2000

By kanedu2000

I am struggling to use the CA Cert provided by my Digital Oceans PSQL database.

I am using Knex in my Node.js Express application. Here is my Knex config:

  production: {
    client: 'postgresql',
    connection: {
      connectionString: process.env.PSQL_CONNECTION_STRING,
      ssl: {
        ca: Buffer.from(process.env.CA_CERT_BASE_64 ?? '').toString('utf-8')
      }
    },
    pool: {
      min: 2,
      max: 10
    },
    migrations: {
      tableName: 'knex_migrations'
    }

I have tried the following things:

  1. Store ${my-db.CA_CERT} in an environmental variable and referencing it
  2. Copying and pasting the raw string from downloading the CA Cert and using it as a env var.
  3. Encoding the CA Cert string into base 64 and setting that into an environment variable. Then decoding it in my source code so the formatting for the cert is kept.
  4. using $ echo on the env var to check it is properly set

After all of this, I get the following error:

Error: self signed certificate in certificate chain

By setting NODE_TLS_REJECT_UNAUTHORIZED=0 in my environmental variables, I am able to connect to my database. However, I would like to avoid doing that.

Does anyone have any insight on what can be done?



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby
Bobby
November 18, 2023

Hi there,

Are you doing this during the build process or during the run stage?

Keep in mind that Database values are not available during build time but are available at runtime as mentioned here in the docs:

https://docs.digitalocean.com/products/app-platform/how-to/use-environment-variables/#databases

If this is not the case, there has been a similar discussion here about the same use-case:

https://www.digitalocean.com/community/questions/how-to-use-_self-ca_cert-in-when-accessing-postgres-db-from-nodejs-app

The solution that the user mentioned was to switch to using Pool from pg:

export const pool = new Pool({
    user: process.env.DB_USERNAME,
    host: process.env.DB_HOSTNAME,
    database: process.env.DATABASE,
    password: process.env.DB_PASSWORD,
    port: Number(process.env.DB_PORT),
    ssl: {
       rejectUnauthorized: true,
       ca: process.env.CA_CERT,
    },
})

Let me know how it goes!

Best,

Bobby

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Start building today

From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.

© 2026 DigitalOcean, LLC.Sitemap.
Dark mode is coming soon.