Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

self signed certificate in certificate chain

See original GitHub issue

Node.js version: 14.17.0 pg version: 8.6.0

other related packages:

        "pg-connection-string": "^2.5.0",
        "pg-pool": "^3.3.0",
        "pg-protocol": "^1.5.0",

code:

const options = {
  connectionString: 'postgres://username:password@host:port/dbname?sslmode=verify-full',
  connectionTimeoutMillis: 50000,
  query_timeout: 50000,
  ssl: {
    ca: <loaded from file>,
    rejectUnauthorized: false
  }
}

const client = new pg.Client(options)
try {
    await client.connect()
  } catch(err) {
    if (err) {
      console.error('failed to connect to pg client', err)
      process.exit(1)
    }
  }

output is as following:

failed to connect to pg client Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (_tls_wrap.js:1507:34)
    at TLSSocket.emit (events.js:376:20)
    at TLSSocket._finishInit (_tls_wrap.js:932:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12) {
  code: 'SELF_SIGNED_CERT_IN_CHAIN'
}

workable with NODE_TLS_REJECT_UNAUTHORIZED=0, but it is not suggested to program security.

Issue Analytics

State:
Created 2 years ago
Comments:11

Top GitHub Comments

1reaction

charmandercommented, Jun 4, 2021

@NicholasIoanJones If all you need to specify is rejectUnauthorized: false, you can omit ssl from the configuration object and switch between sslmode=no-verify in production and no sslmode in development.

0reactions

lornajanecommented, Sep 29, 2021

I’m also running into this, using PostgreSQL as a service, and it includes a ?sslmode=require in its connection params, which means that my code always fails since I can’t pass in the cert.

Top Results From Across the Web

Openssl : error "self signed certificate in certificate chain"

You have a certificate which is self-signed, so it's non-trusted by default, that's why OpenSSL complains. This warning is actually a good thing, ......

6 Ways to fix : SSL certificate problem: self signed ... - Jhooq

Scenario 1 : Git clone - SSL certificate problem: self signed certificate in certificate chain ... It is one of the most common...

Generating a self-signed Certificate Chain Using openssl

To build a self-signed certificate chain, begin by creating a certificate configuration file like this: [ req ] default_bits = 4096 default_keyfile ...

Solve error "self-signed certificate in certificate chain"

This article explains how to solve the error "self-signed certificate in certificate chain" · The error happens when you're trying to access My ......

Understanding Self-Signed Certificate in Chain Issues on ...

It means that the certificate attached to the package is a way to be sure that the package was not modified from the...