19

I can't seem to find any documentation for SEQUELIZE.JS on how to use a CA.crt in order to enable connection to my database sitting on a remote server.

I figure it's something in the options but I can't seem to figure it out.

I have tried

{
  'ssl': true,
  'dialectOptions': {
    ssl: {
      ca: 'path/to/ca'
    }
  }
}

and a few other things but nothing seems to work for me.

Can anybody help me?

Edit:

Here is an error I get when using the ca thing

error connecting to db { Error: unable to verify the first certificate
at TLSSocket.<anonymous>
2
  • In addition to my below, just a quick remark. You need to pass all 3 components, 2 certs and key file in some form. Commented Jun 5, 2017 at 10:56
  • Related: stackoverflow.com/questions/27687546/… Commented Mar 20, 2021 at 16:12

2 Answers

21

As you don't mention the backend DB of choice, I'll give a mysql sample and how I'd suggest you go about it.

First, confirm the connection using the dialect directly, so for mysql2 supplying variables as necessary:

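const mysql = require('mysql2');

// cKey, cCert and cCA hold the PEM contents of the client key,
// the client certificate and the CA certificate (not file paths).
const connection = mysql.createConnection({
  host: dbVars.host,
  user: dbVars.user,
  database: dbVars.database,
  password: dbVars.password,
  ssl: {
    key: cKey,
    cert: cCert,
    ca: cCA
  }
});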

Once that connection is confirmed, move it to Sequelize as:

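const { Sequelize } = require('sequelize');

// Same TLS material as above, now passed through dialectOptions.ssl.
const sequelize = new Sequelize(dbVars.database, dbVars.user, dbVars.password, {
  host: dbVars.host,
  dialect: 'mysql',
  dialectOptions: {
    ssl: {
      key: cKey,
      cert: cCert,
      ca: cCA
    }
  }
});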

Note: loading the certs properly was a learning curve and required a direct import using a raw-loader. Example:

import cKey from 'raw-loader!../certs/client-key.pem'; 

3 Comments

fs.fileReadSync works just as well for me to read the .pem files.
Per docs it is fs.readFileSync.
How do I get cCert and cCA?
1

Thanks to Mark's answer above, I was able to connect to a Postgres RDS instance from a Node.js Lambda function as follows:

        const fs = require('fs');
        const { join } = require('path');
        const { Sequelize } = require('sequelize');

        const sequelize = new Sequelize(POSTGRES_DATABASE, POSTGRES_USERNAME, POSTGRES_PASSWORD, {
            host: POSTGRES_HOST,
            port: POSTGRES_PORT,
            dialect: 'postgres',
            dialectOptions: {
              ssl: {
                // CAUTION: there are better ways to load the certificate, see comments below
                ca: fs.readFileSync(join(__dirname, 'rds-combined-ca-bundle.pem')).toString()
              }
            }
        });

(Obviously this required the PEM file to be available, see Using SSL/TLS to encrypt a connection to a DB instance)

4 Comments

Read a file, to finally set it as string? 🤔 just copy the pem content into an ENV VAR and use it.
You may be right, but that's not really a central feature of the example :)
Bad practices propagation is the copy/paste example. Hope anyone reads the good alternative. Regards.
@NingaCodingTRV fair point, I've updated the example to point here. Another alternative is loading the file outside of the handler so that it's available for the invocation context.
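Added example, not code from the question or either answer: a loader that takes the CA bundle from an environment variable or a file, rejects a value that is a path rather than PEM content (the `ca` option takes PEM text, not a path), and returns the object for `dialectOptions.ssl`. The variable names `DB_CA_PEM` and `DB_CA_FILE`, the helper names and the sample bundle are assumptions made for this example.

```javascript
// Added example. DB_CA_PEM / DB_CA_FILE are hypothetical variable names.
const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split PEM text into individual certificates. Throws when no certificate
// block is present, e.g. when a file path was supplied instead of PEM content.
function splitPemBundle(text) {
  // Env vars often carry the PEM with literal "\n" sequences; restore newlines.
  const normalized = String(text).replace(/\\n/g, '\n').replace(/\r\n/g, '\n');
  const blocks = normalized.match(PEM_BLOCK) || [];
  if (blocks.length === 0) {
    throw new Error('ca must be PEM certificate content, not a path or empty value');
  }
  return blocks.map((b) => b.trim() + '\n');
}

// Inline PEM from the environment wins; otherwise read the file it points to.
// readFile is injectable so the loader can be exercised without touching disk.
function loadCaBundle(env = process.env,
                      readFile = (p) => require('node:fs').readFileSync(p, 'utf8')) {
  if (env.DB_CA_PEM) return splitPemBundle(env.DB_CA_PEM);
  if (env.DB_CA_FILE) return splitPemBundle(readFile(env.DB_CA_FILE));
  throw new Error('set DB_CA_PEM or DB_CA_FILE');
}

// Value for dialectOptions.ssl; certificate verification stays enabled.
function buildSslOptions(env, readFile) {
  return { ca: loadCaBundle(env, readFile), rejectUnauthorized: true };
}

// Constructed sample: two placeholder blocks shaped like a CA bundle
// (not real certificates; a real TLS handshake would reject them).
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtUk9PVA==\n-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtSU5URVI=\n-----END CERTIFICATE-----',
].join('\n');

// Build once at module load, outside any request or Lambda handler:
//   const ssl = buildSslOptions();
//   new Sequelize(db, user, pass, { host, dialect: 'postgres', dialectOptions: { ssl } });
```

The check is structural only: it confirms that certificate blocks are present and leaves chain validation to the TLS handshake.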
