DigitalOcean

Report this

What is the reason for this report?
Question

Where should i put a-certificate.crt file?

Posted on October 14, 2020
DigitalOcean Managed PostgreSQL Database
Databases
PostgreSQL
Node.js
DigitalOcean
Jus N

By Jus N

Wormy

I had trouble connecting to digitalocean database in node js and was getting errors such as:

Error: self signed certificate in certificate chain.

or

error: no pg_hba.conf entry for host "x.x.x.x", user "------", database "------", SSL off

but then I added ca-certificate.crt file into my node.js app newly created ssl folder and wrote this

const pg = require('pg')
const fs = require('fs')

const pool = new pg.Pool({
    user: "-----",
    password: "--------",
    host: "-----------",
    port: 25060,
    database: "----",
    ssl: true,
    ssl: {
      ca: fs.readFileSync('../ssl/ca-certificate.crt'),
      rejectUnauthorized: true,
    }

module.exports = pool;

This line fixed all those errors and now I can connect to the database

ca: fs.readFileSync('../ssl/ca-certificate.crt'),

but I feel it’s not very common practice to have ca-certificate.crt file in my app folder so I would like to know how to handle this?



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby
Bobby
October 15, 2020

Hi there @beuu,

I have not tested this with NodeJS, but I’ve done it with other frameworks and PostgreSQL. What you can do is to add the certificate at:

~/.postgresql/root.crt

Then make sure that the file has secure permissions:

  1. chmod 600 ~/.postgresql/root.crt

That way the connection to your PostgreSQL server would default to using that certificate.

Let me know how it goes! Regards, Bobby

0
pistle2020
pistle2020
October 15, 2020

The certificates should be put in a folder dedicated to certificates and key files. An example location would be /usr/local/ssl/crt/. All of your certificates need to be in the same folder. Save the changes to the file once you are finished.

0
madrianhorning
madrianhorning
December 31, 2020

+1 for this I am running a node app on App Platform and I’m unsure how to get it on the server. Other than putting it in my repo, which, as @beuu said, seems like a bad idea.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.