How to connect via SSL to sequelize DB

Question

I can't seem to find any documentation for SEQUELIZE.JS on how to use a CA.crt in order to enable connection to my database sitting on a remote server.

I figure its something in the options but I can't seem to figure it out

I have tried

{
 'ssl': true
 'dialectOptions':{
   ssl: {
     ca: 'path/to/ca'
   }
 }     
}

and a few other things but nothing seem to work for me.

Can anybody help me?

Edit:

Here is an error i get when using the ca thing

error connecting to db { Error: unable to verify the first certificate
at TLSSocket.<anonymous>

In addition to my below, just a quick remark. You need to pass all 3 components, 2 certs and key file in some form. — Mark, Jun 05 '17 at 10:56
Related: https://stackoverflow.com/questions/27687546/cant-connect-to-heroku-postgresql-database-from-local-node-app-with-sequelize — Ciro Santilli OurBigBook.com, Mar 20 '21 at 16:12

score 18 · Accepted Answer · answered Jun 05 '17 at 10:54

As you don't mention the backend DB of choice, I'll give a mysql sample and how I'd suggest you go about it.

First, confirm the connection using the dialect directly, so for mysql2 supplying variables as necessary:

const connection = mysql.createConnection({
  host: dbVars.host,
  user: dbVars.user,
  database: dbVars.database,
  password: dbVars.password,
  ssl: {
    key: cKey,
    cert: cCert,
    ca: cCA
  }
});

Once that connection is confirmed, move it to Sequelize as:

const sequelize = new Sequelize(dbVars.database, dbVars.user, dbVars.password, {
  host: dbVars.host,
  dialect: 'mysql',
  dialectOptions: {
    ssl: {
      key: cKey,
      cert: cCert,
      ca: cCA
    }
  }
});

Note: loading the certs properly was a learning curve and required a direct import using a raw-loader. Example:

import cKey from 'raw-loader!../certs/client-key.pem';

`fs.fileReadSync` works just as well for me to read the .pem files. — Max, Feb 01 '18 at 11:48
Per [docs](https://nodejs.org/api/fs.html#fs_fs_readfilesync_path_options) it is `fs.readFileSync`. — Herman J. Radtke III, Oct 04 '19 at 01:43

therightstuff · Answer 2 · 2023-07-05T09:52:25.463

0

Thanks to Mark's answer above, I was able to connect to a Postgres RDS instance from a Node.js Lambda function as follows:

        const sequelize = new Sequelize(POSTGRES_DATABASE, POSTGRES_USERNAME, POSTGRES_PASSWORD, {
            host: POSTGRES_HOST,
            port: POSTGRES_PORT,
            dialect: 'postgres',
            dialectOptions: {
              ssl: {
                // CAUTION: there are better ways to load the certificate, see comments below
                ca: fs.readFileSync(join(__dirname, 'rds-combined-ca-bundle.pem')).toString()
              }
            }
          });

(Obviously this required the PEM file to be available, see Using SSL/TLS to encrypt a connection to a DB instance)

edited Jul 05 '23 at 09:52

answered Jun 11 '23 at 07:10

therightstuff

833
1
16
21

Read a file, to finally set it as string? just copy the pem content into an ENV VAR and use it. – NingaCodingTRV Jun 30 '23 at 19:15
You may be right, but that's not really a central feature of the example :) – therightstuff Jul 02 '23 at 05:31
bad practices propagation, is the copy/paste example. Hope anyone read the good alternative. Regards. – NingaCodingTRV Jul 04 '23 at 18:40
@NingaCodingTRV fair point, i've updated the example to point here. another alternative is loading the file outside of the handler so that it's available for the invocation context. – therightstuff Jul 05 '23 at 09:53

How to connect via SSL to sequelize DB

2 Answers2