Description
Describe the bug
When attempting to make a connection to a secured Postgres database, client certificates are not being accepted. The connection fails with a "Failed to initialize pool: FATAL: connection requires a valid client certificate" error.
The database is hosted in a Heroku Private Space which allows you to generate a Certificate Bundle that contains one of each of the following: postgresql.crt (Client Certificate), postgresql.key (SSL Key) and root.crt (CA Certificate).
The container was created and the related files were placed in the respective directory in order to be fetched from the POSTGRESQL_CONNECTION_URI.
I am able to tell they are in the correct directory because it will throw a different error, "Failed to initialize pool: Could not open SSL root certificate file", if the root.crt file is not there.
docker-compose up is run after the files are copied as below:
docker cp ./postgres/certs/postgresql.crt supertokens-moneyspot-supertokens-1:server.crt
docker cp ./postgres/certs/postgresql.key supertokens-moneyspot-supertokens-1:server.key
docker cp ./postgres/certs/root.crt supertokens-moneyspot-supertokens-1:root.crt
I additionally checked the Files tab in docker desktop to verify that the files were in fact there and with content.
docker-compose.yml
version: "3"
services:
  supertokens:
    image: registry.supertokens.io/supertokens/supertokens-postgresql:4.6
    ports:
      - 3567:3567
    environment:
      POSTGRESQL_CONNECTION_URI: "postgresql://<user>:<password>@<host>:5432/<db>?ssl=true&sslmode=verify-ca&sslrootcert=root.crt&sslcert=server.crt&sslkey=server.key"
    networks:
      - app_network
    restart: unless-stopped
    healthcheck:
      test: >
        bash -c 'exec 3<>/dev/tcp/127.0.0.1/3567 && echo -e "GET /hello HTTP/1.1\r\nhost: 127.0.0.1:3567\r\nConnection: close\r\n\r\n" >&3 && cat <&3 | grep "Hello"'
      interval: 10s
      timeout: 5s
      retries: 5
networks:
  app_network:
    driver: bridge
Expected behaviour
As completed through node (npm pg), DBeaver and the Docker PGAdmin4 extension, a successful connection should be able to be made to the secured database.
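
A pre-flight check for the setup described in this report, as an added example that is not part of the original issue or the SuperTokens project: it reads sslmode, sslrootcert, sslcert and sslkey from a connection URI, resolves relative paths against a given working directory, and reports whether each file is present and how the key file is encoded. The function names, the host db.example.invalid, the working directory and the stub file bodies are constructed; the key encoding is reported because the PostgreSQL JDBC driver documents that sslkey must be PKCS-12 or PKCS-8 DER while libpq-based clients read PEM, and that this image connects through that driver is an assumption.

```python
import os
import tempfile
from urllib.parse import urlsplit, parse_qs

def key_encoding(data: bytes) -> str:
    """Classify a private key file by its outer encoding; key material is not parsed."""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN "):
        label = text.split(b"-----")[1][len(b"BEGIN "):]
        return "PEM (" + label.decode("ascii", "replace") + ")"
    if len(data) > 4 and data[0] == 0x30:  # DER SEQUENCE
        hdr = 2 + ((data[1] & 0x7F) if data[1] & 0x80 else 0)
        # PKCS#8 PrivateKeyInfo: INTEGER 0 followed by a SEQUENCE (AlgorithmIdentifier)
        return "DER (PKCS#8)" if data[hdr:hdr + 4] == b"\x02\x01\x00\x30" else "DER (not PKCS#8)"
    return "unknown"

def preflight(uri: str, workdir: str) -> dict:
    """Report the TLS parameters of a connection URI and the state of the files they name."""
    params = {k: v[-1] for k, v in parse_qs(urlsplit(uri).query).items()}
    mode = params.get("sslmode")
    # verify-ca checks the server chain against sslrootcert; only verify-full also matches the host name
    report = {"sslmode": mode, "hostname_checked": mode == "verify-full", "files": {}}
    for name in ("sslrootcert", "sslcert", "sslkey"):
        value = params.get(name)
        if value is None:
            report["files"][name] = {"status": "not set"}
            continue
        # A relative value resolves against the working directory of the connecting process
        path = value if os.path.isabs(value) else os.path.join(workdir, value)
        info = {"path": path, "relative": not os.path.isabs(value), "status": "missing"}
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            info["status"] = "present" if data else "empty"
            if name == "sslkey" and data:
                info["encoding"] = key_encoding(data)
        report["files"][name] = info
    return report

if __name__ == "__main__":
    # Constructed sample: placeholder host and stub file bodies, not a real bundle
    uri = ("postgresql://user:pw@db.example.invalid:5432/app?ssl=true&sslmode=verify-ca"
           "&sslrootcert=root.crt&sslcert=server.crt&sslkey=server.key")
    with tempfile.TemporaryDirectory() as d:
        for fname, label in (("root.crt", "CERTIFICATE"), ("server.key", "RSA PRIVATE KEY")):
            with open(os.path.join(d, fname), "w") as fh:
                fh.write(f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n")
        print(preflight(uri, d))
```

Run inside the container, with `workdir` set to the directory the server process starts in, the report shows which of the three files the URI actually resolves to.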