
I have an Azure Postgres instance, and I am trying to connect to it using the node-postgres (pg) module, but I am getting a "Self signed certificate in certificate chain" error.

I am able to connect using psql with the sslmode=require param.

Below is my code snippet:

Since my password contains certain special characters, I've used encodeURIComponent, and it's managed by my org so I can't change it.

const getDBUrl = () => {
  return `postgres://${DB_USERNAME}:${encodeURIComponent(DB_PASSWORD)}@${DB_HOSTNAME}:${DB_PORT}/${DB_NAME}`;
};

const newPgPool = new Pool({
  connectionString: getDBUrl(),
  ssl: {
    rejectUnauthorized: false,
  }
});

As far as I know, setting rejectUnauthorized: false would use SSL but won't reject self-signed certs.

Node: 16.14.0 pg: 8.8.0

Yash

1 Answer


The fine manual does show how to configure your self-signed certificate:
https://node-postgres.com/features/ssl#self-signed-cert

const fs = require('fs');

const newPgPool = new Pool({
  connectionString: getDBUrl(),
  ssl: {
    //rejectUnauthorized: false,
    require: true,
    // Trust only the CA that signed the server certificate
    ca: fs.readFileSync('/path/to/server-certificates/root.crt').toString()
  }
});

Do not use rejectUnauthorized: false. It's unsafe (AiTM), and I find it strange that they showed that in the examples in the manual.

Amit Naidu
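
An added example (not code from the answer or from node-postgres) of the approach the answer recommends: build the Pool config with verification left on and an explicit CA, and audit a config for the settings that turn verification off. The function names, the `db` object shape and the sample values are assumptions made for illustration.

```javascript
// Added example. auditTls, buildPoolConfig and countCerts are hypothetical
// helpers; the returned object is what you would pass to `new Pool(...)`.

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Count PEM certificate blocks in a CA bundle string.
function countCerts(pem) {
  return (String(pem || '').match(PEM_CERT) || []).length;
}

// List reasons why a Pool config would not verify the server certificate.
function auditTls(config, env = {}) {
  const problems = [];
  const ssl = config.ssl;
  if (!ssl) problems.push('ssl is not enabled');
  if (ssl && ssl.rejectUnauthorized === false) {
    problems.push('rejectUnauthorized is false, so any certificate is accepted');
  }
  if (ssl && ssl.ca !== undefined && countCerts(ssl.ca) === 0) {
    problems.push('ssl.ca holds no PEM certificate');
  }
  // Node-wide switch that disables verification for every TLS connection.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    problems.push('NODE_TLS_REJECT_UNAUTHORIZED=0 is set');
  }
  return problems;
}

// Build a config that trusts only the supplied CA bundle. In real use caPem
// comes from fs.readFileSync('/path/to/root.crt', 'utf8').
function buildPoolConfig(db, caPem, env = {}) {
  const config = {
    connectionString:
      `postgres://${encodeURIComponent(db.user)}:${encodeURIComponent(db.password)}` +
      `@${db.host}:${db.port}/${encodeURIComponent(db.name)}`,
    ssl: { rejectUnauthorized: true, ca: String(caPem) },
  };
  const problems = auditTls(config, env);
  if (problems.length) throw new Error('Unsafe TLS config: ' + problems.join('; '));
  return config;
}

// Constructed sample input: the PEM body is a placeholder, not a real certificate.
const SAMPLE_CA = '-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n';
const SAMPLE_DB = { user: 'app', password: 'p@ss:w/rd#1', host: 'db.example.com', port: 5432, name: 'appdb' };
```

Pass the returned object to `new Pool(...)`, and run `auditTls(config, process.env)` at startup so a stray `NODE_TLS_REJECT_UNAUTHORIZED=0` is caught before the first connection.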