How do I connect to a MySQL database server running on PlanetScale with SSL from node.js on localhost?

Question

I'm trying to connect to the MySQL server on PlanetScale, but can't as it requires SSL.

Here's their doc for that, but it's unclear what it says. https://planetscale.com/docs/concepts/secure-connections

Here's the connection URL: DATABASE_URL='mysql://co30rXXXXXXX:pscale_pw_XXXXXXX@hoqx01444p30.us-east-4.psdb.cloud/restaurant?ssl={"rejectUnauthorized":true}'

Here's what I see from my terminal when I run yarn run migration-run

yarn run v1.22.18 $ npx prisma migrate dev Environment variables loaded from .env Prisma schema loaded from prisma/schema.prisma Datasource "db": MySQL database "restaurant" at "hoqx0XXXXX.us-east-4.psdb.cloud:3306"

Error: Migration engine error: unknown error: Code: UNAVAILABLE server does not allow insecure connections, client must use SSL/TLS

error Command failed with exit code 1. info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Is there anyone who has tried to connect to PlanetScale DB from Node.js on localhost? I have tried some other suggestions from Stackoverflow, but don't seem to work.

PS: `ssl={"rejectUnauthorized":false}` I tried this option as well from other answers, but doesn't work. — DreamBold, Aug 23 '22 at 08:20
You probably need [`sslcert=`](https://www.prisma.io/docs/concepts/database-connectors/mysql#configuring-an-ssl-connection) to [set the path to the root certificate](https://planetscale.com/docs/concepts/secure-connections#ca-root-configuration). — RickN, Aug 23 '22 at 08:27
@RickN Thank you for your advice! Sorry for the late reply, but I have managed to do it already! :) SSL cert path fixed the problem. So I have added `?ssl={"rejectUnauthorized":false}&sslcert=/etc/ssl/certs/ca-certificates.crt` — DreamBold, Aug 29 '22 at 10:55
@DreamBig Thanks it works but one more error occured after this, Error: P1001 Can't reach database server at `ap-northeast.connect.psdb.cloud`:`3306` Please make sure your database server is running at `ap-northeast.connect.psdb.cloud`:`3306`. /// it is completely fine when I run on localhost, only the problem when it is on the Cloud (GCP) — dontknowhy, Oct 26 '22 at 08:11
@nounlace Replacing /etc/pki/tls/certs/ca-bundle.crt with /etc/ssl/certs/ca-certificates.crt for local environment solved the issue. The solution for me at this point would be having four different URLs at environment variables list (two with /etc/ssl/certs/ca-certificates.crt for local and two with /etc/pki/tls/certs/ca-bundle.crt for preview and prod). You can read more here: https://github.com/prisma/prisma/issues/8875 Hope it helps! — DreamBold, Oct 27 '22 at 23:27
hi @dreambold how did you create the ssl cert for the planetscale database?? and did you have any further errors afterwards?? — Jriffs, Mar 20 '23 at 16:49
@dreambold my app from which I'm trying to connect to the planetscale database is hosted on Heroku, and i was given a domain by them. — Jriffs, Mar 21 '23 at 16:23

score 6 · Accepted Answer · answered Aug 29 '22 at 10:56

6

?ssl={"rejectUnauthorized":false}&sslcert=/etc/ssl/certs/ca-certificates.crt

Adding these params at the end of the connection link, the issue has been fixed. :)

answered Aug 29 '22 at 10:56

DreamBold

2,727
1
9
24

can someone please help me with how to create the ssl cert ? – Jriffs Mar 20 '23 at 16:52
you can use `letsencrypt` https://letsencrypt.org/getting-started/ or you can issue one from your domain registrar – DreamBold Mar 20 '23 at 20:03
https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal For `Ubuntu` running Apache server, – DreamBold Mar 20 '23 at 20:06

Matt D. Webb · Answer 2 · 2023-05-01T06:31:32.513

SSL ISSUE ON WINDOWS

If you're working on a Windows machine and using a .env file for your connection string, here is what worked for me to run locally (windows does not have a default /etc/ssl/certs/ reference as answered here).

You get your connection string from the PlanetScale console, via "overview" > "connect"

This will look something like:

DATABASE_URL='mysql://xxxxxx:*****@aws-eu-west-1.connect.psdb.cloud/dbName?ssl={"rejectUnauthorized":true}'

When plainly using this you will most likley get the follow error message (as the question states):

Code: UNAVAILABLE server does not allow insecure connections, client must use SSL/TLS

You therefore need to provide a local cert, one can be downloaded from the following trusted location:

https://curl.se/docs/caextract.html

Next, you need to save this file to a logical location on disk that can be referenced in your connection string, for example c:/temp/cacert.pem

Once saved you can then append the following to your connection string:

&sslcert=C:\\temp\\cacert.pem

Restart your server and you should be all set!

The equivelant ssl cert update in NodeJs would look as follows:

const connection = mysql.createConnection({
    host: 'hostNameHere',
    user: 'userNameHere',
    password: 'passwordHere',
    database: 'dbHere',
    ssl: {
        ca: fs.readFileSync('C:\\temp\\cacert.pem')
    }
});

score 0 · Answer 3 · answered Jun 01 '23 at 17:04

0

This worked for me:

?ssl={"rejectUnauthorized":false}&sslaccept=strict

answered Jun 01 '23 at 17:04

Harsh

1

1

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jun 01 '23 at 18:19

How do I connect to a MySQL database server running on PlanetScale with SSL from node.js on localhost?

3 Answers3

SSL ISSUE ON WINDOWS

Linked