Error validating SSL certificate #21

Open
HdroguettA opened this issue May 2, 2023 · 0 comments

HdroguettA commented May 2, 2023

Describe the bug

When attempting to make a connection to a secured Postgres database, client certificates are not being accepted, failing with a "Failed to initialize pool: FATAL: connection requires a valid client certificate" error.

The database is hosted in a Heroku Private Space which allows you to generate a Certificate Bundle that contains one of each of the following: postgresql.crt (Client Certificate), postgresql.key (SSL Key) and root.crt (CA Certificate).

The container was created and the related files were placed in the respective directory in order to be fetched from the POSTGRESQL_CONNECTION_URI.

I am able to tell they are in the correct directory because it will throw a different error, "Failed to initialize pool: Could not open SSL root certificate file", if the root.crt file is not there.

docker-compose up is run after the files are copied as below:
docker cp ./postgres/certs/postgresql.crt supertokens-moneyspot-supertokens-1:server.crt
docker cp ./postgres/certs/postgresql.key supertokens-moneyspot-supertokens-1:server.key
docker cp ./postgres/certs/root.crt supertokens-moneyspot-supertokens-1:root.crt

I additionally checked the Files tab in docker desktop to verify that the files were in fact there and with content.

docker-compose.yml

version: "3"

services:
    supertokens:
        image: registry.supertokens.io/supertokens/supertokens-postgresql:4.6
        ports:
            - 3567:3567
        environment:
            POSTGRESQL_CONNECTION_URI: "postgresql://<user>:<password>@<host>:5432/<db>?ssl=true&sslmode=verify-ca&sslrootcert=root.crt&sslcert=server.crt&sslkey=server.key"
        networks:
            - app_network
        restart: unless-stopped
        healthcheck:
            test: >
                bash -c 'exec 3<>/dev/tcp/127.0.0.1/3567 && echo -e "GET /hello HTTP/1.1\r\nhost: 127.0.0.1:3567\r\nConnection: close\r\n\r\n" >&3 && cat <&3 | grep "Hello"'
            interval: 10s
            timeout: 5s
            retries: 5

networks:
    app_network:
        driver: bridge

Expected behaviour

As completed through node (npm pg), DBeaver and the Docker PGAdmin4 extension, a successful connection should be able to be made to the secured database.
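
A pre-flight check for the TLS file parameters in a connection URI like the one in this report, as an added example that is not part of the original issue or of the SuperTokens code base. It assumes the core connects through the PostgreSQL JDBC driver (pgjdbc), whose documentation states that `sslkey` must be in PKCS-12 or PKCS-8 DER format; `preflight`, `encoding_of` and the `workdir` argument are hypothetical names.

```python
import os
from urllib.parse import parse_qs, urlsplit

# File-valued TLS parameters used in the issue's connection URI.
FILE_PARAMS = ("sslrootcert", "sslcert", "sslkey")
PEM_KEY = "PEM key; pgjdbc documents PKCS-8 DER or PKCS-12 for sslkey"


def encoding_of(path):
    """Return 'pem', 'der' (leading ASN.1 SEQUENCE tag 0x30) or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(64).lstrip()
    if head.startswith(b"-----BEGIN "):
        return "pem"
    return "der" if head[:1] == b"\x30" else "unknown"


def preflight(uri, workdir):
    """List (parameter, finding) pairs for the TLS settings in `uri`.

    `workdir` is the directory relative paths are resolved against,
    i.e. the working directory of the process that opens the files
    (an assumption of this example).
    """
    params = {k: v[-1] for k, v in parse_qs(urlsplit(uri).query).items()}
    findings = []
    mode = params.get("sslmode")
    if mode is not None and mode not in ("verify-ca", "verify-full"):
        findings.append(("sslmode", f"{mode} does not verify the server certificate"))
    for name in FILE_PARAMS:
        value = params.get(name)
        if value is None:
            findings.append((name, "not set"))
            continue
        path = os.path.join(workdir, value)  # an absolute value wins in join()
        if not os.path.isabs(value):
            findings.append((name, f"relative path, resolves to {path}"))
        if not os.path.isfile(path):
            findings.append((name, "file missing"))
        elif name == "sslkey" and encoding_of(path) == "pem":
            findings.append((name, PEM_KEY))
    return findings


if __name__ == "__main__":
    uri = os.environ.get("POSTGRESQL_CONNECTION_URI", "")
    for name, finding in preflight(uri, os.getcwd()):
        print(f"{name}: {finding}")
```

Run it inside the container, from the directory the core process starts in, so that relative names such as `server.key` resolve the same way they do for the database client.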
