SequelizeConnectionError: self signed certificate

Question

I am trying to connect to a PostgreSQL Database that I've set up in Heroku.

const { Sequelize, DataTypes, Model } = require("sequelize");

// DB Configuration
const sequelize = new Sequelize({
  database: "[won't show db]",
  username: "[won't show username]",
  password: "[won't show password]",
  host: "ec2-54-221-195-148.compute-1.amazonaws.com",
  port: 5432,
  dialect: "postgres",
  dialectOptions: {
    ssl: true,
  },
});

And this is what I am getting as the output:

SequelizeConnectionError: self signed certificate

CherryDT · Accepted Answer · 2022-08-21T20:46:36.757

122

This is due to an (accidental) breaking change in node-postgres version 8 (see this GitHub issue).

The solution is to pass rejectUnauthorized: false to the sequelize connection parameters inside of dialectOptions>ssl, as described here by GitHub user jsanta, bypassing the SSL certificate check (which is okay when connecting to a trusted server over a secure connection such as on your local host or between your own servers in the same network):

const sequelize = new Sequelize({
  database: "xxxxx",
  username: "xxxxx",
  password: "xxxxx",
  host: "xxxxx",
  port: 5432,
  dialect: "postgres",
  dialectOptions: {
    ssl: {
      require: true,
      rejectUnauthorized: false // <<<<<<< YOU NEED THIS
    }
  },
});

edited Aug 21 '22 at 20:46

answered Apr 21 '20 at 18:21

CherryDT

25,571
5
49
74

1

this works with "sequelize": "^5.21.10", "pg": "^8.2.1", – Jorge Alonso Jun 03 '20 at 16:45
5

Seriously, does the sequelize team understand published APIs at all? Like... AT ALL? (sigh) – ChrisH Aug 20 '20 at 19:14
4

FYI for sequelize 6.3.5, I had to do: `ssl: { rejectUnauthorized: false }`. – Richard Mar 12 '21 at 05:28
@WithoutATowel I answered your question already. Kindly check and upvote if it solves your problem. Thanks – camelCase Apr 02 '21 at 20:21
1

False alarm! I had a typo. This fix works :) – WithoutATowel Apr 02 '21 at 21:51
For over an hour I couldn't figure out why this solution didn't work for me. It turns out, I had "rejectUnauthorized: false " outside of "ssl" in "dialectOptions". If anyones still having issues, make sure you have it correctly nested. – Bryson Kruk Dec 25 '21 at 01:27

score 9 · Answer 2 · answered Dec 27 '21 at 08:06

9

in my case none of the above works, I use the connection string method to apply pg configurations, so I set the query param sslmode=no-verify and I got it works

example

postgres://myuser:mypassword@myhost:5432/mydatabasename?sslmode=no-verify

answered Dec 27 '21 at 08:06

Anas

1,000
11
18

Yes, in my case that's the case as well. Anyone knows why we have to do this? – Burak Karakuş Dec 28 '21 at 20:48
In my case this was the solution, my stack is kubernetes in digitalocean, managed database, and I created a database and a user that were not the default ones – agusgambina Mar 05 '22 at 17:07
It happens because you use `uri` parameter for defining the connection, not the `pg` object parameter. PostgreSQL accepts several values for the `sslmode` parameter explained here: https://www.postgresql.org/docs/current/libpq-ssl.html. It is used for defining our acceptance level for unverified certificates. – Luki B. Subekti Aug 02 '22 at 12:26

score 2 · Answer 3 · answered Jun 23 '21 at 00:57

2

It works for me (on sequelize config.json file):

    "dialect": "postgres",
    "dialectOptions": {
      "ssl": {
        "require": true,
        "rejectUnauthorized": false
      }
    }

answered Jun 23 '21 at 00:57

Juan Camilo Camacho Beltrán

93
1
6

score 0 · Answer 4 · edited Nov 22 '21 at 05:12

0

This works for me, in the config.json file

  "development": {
    "username": "dummy",
    "password": "dummy",
    "database": "dummy",
    "host": "dummy",
    "dialect": "postgres",
    "dialectOptions":{
      "ssl": {
        "require": true,
        "rejectUnauthorized": false
      }
    }
  }

edited Nov 22 '21 at 05:12

Jeremy Caney

7,102
69
48
77

answered Nov 04 '21 at 03:06

Hoang Huyền

1

Nice but this is the exact same solution I posted, just without explanation... Instead it refers to a file not everyone will even have. – CherryDT Jan 01 '22 at 10:52

score -1 · Answer 5 · answered Apr 09 '21 at 05:49

-1

add the following in your code...

dbRDS=false

answered Apr 09 '21 at 05:49

manikandan

677
2
8
19

Can you give a more complete example? It looks like a variable assignment but this alone won't have any effect... – CherryDT Jun 18 '21 at 23:42

SequelizeConnectionError: self signed certificate

5 Answers5

Linked

Related