SSL: self signed certificate - Githubissues

alexandrainst / node-red-contrib-postgresql

Node-RED node for PostgreSQL, supporting parameters, split, back-pressure

https://flows.nodered.org/node/node-red-contrib-postgresql

Apache License 2.0

31 stars 13 forks source link

SSL: self signed certificate #67

Closed emilbang closed 4 months ago

emilbang commented 4 months ago

While upgrading from an older version of nodered to the latest, I tested this node. When trying to connect to a Digital Ocean managed database with SSL=true I get the following error: "Error: self signed certificate in certificate chain"

With SSL=false i get this error: error: no pg_hba.conf entry for host "xxx", user "xxx", database "xxx", SSL off

I think the reason for these errors are that pg since v. 8.0 sets rejectUnathurized = true as default as described here: https://node-postgres.com/announcements

At the same time DO probably self-signs their certificates as speculated here: https://github.com/Budibase/budibase/issues/1967#issuecomment-879981467

I am able to connect to my database by passing this config node as described in the documentation:

msg.pgConfig = {
  user: 'xxx',
  password:'xxx',
  host: 'xx.xx.xx',
  database: 'xxx',
  port: xxxx, 
  ssl: {
  rejectUnauthorized: false
  }
};

But it would be neat to be able to set rejectUnathorized in the properties setting in the node:

emilbang commented 4 months ago

I found out that you can pass json to the SSL tab and write in {"rejectUnauthorized":false}

This way I can use the standard configuration