How can I use Digital Oceans DB CA Cert in App Platform?

I am struggling to use the CA Cert provided by my Digital Oceans PSQL database.

I am using Knex in my Node.js Express application. Here is my Knex config:

  production: {
    client: 'postgresql',
    connection: {
      connectionString: process.env.PSQL_CONNECTION_STRING,
      ssl: {
        ca: Buffer.from(process.env.CA_CERT_BASE_64 ?? '').toString('utf-8')
    pool: {
      min: 2,
      max: 10
    migrations: {
      tableName: 'knex_migrations'

I have tried the following things:

  1. Store ${my-db.CA_CERT} in an environmental variable and referencing it
  2. Copying and pasting the raw string from downloading the CA Cert and using it as a env var.
  3. Encoding the CA Cert string into base 64 and setting that into an environment variable. Then decoding it in my source code so the formatting for the cert is kept.
  4. using $ echo on the env var to check it is properly set

After all of this, I get the following error:

Error: self signed certificate in certificate chain

By setting NODE_TLS_REJECT_UNAUTHORIZED=0 in my environmental variables, I am able to connect to my database. However, I would like to avoid doing that.

Does anyone have any insight on what can be done?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
November 18, 2023

Hi there,

Are you doing this during the build process or during the run stage?

Keep in mind that Database values are not available during build time but are available at runtime as mentioned here in the docs:

If this is not the case, there has been a similar discussion here about the same use-case:

The solution that the user mentioned was to switch to using Pool from pg:

export const pool = new Pool({
    user: process.env.DB_USERNAME,
    host: process.env.DB_HOSTNAME,
    database: process.env.DATABASE,
    password: process.env.DB_PASSWORD,
    port: Number(process.env.DB_PORT),
    ssl: {
       rejectUnauthorized: true,
       ca: process.env.CA_CERT,

Let me know how it goes!



Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel