Error: Self signed certificate in certificate chain #10

Open
dl-lim opened this issue Apr 1, 2021 · 2 comments

Comments


dl-lim commented Apr 1, 2021

Any chance of getting rid of this via the plugin?

Would be great if we could provide the client keys and certs here too.

@Nikoolayy1

Add to the main.js file under `<home/user or root>node-red/node_modules/node-red-contrib-stackhero-mysql/src` this code: `ssl: {rejectUnauthorized: false},`

```js
  // Note: the connection is not done here
  this.pool = mysql.createPool({
    host: config.host,
    port: config.port,
    user: this.credentials.user,
    password: this.credentials.password,
    database: config.database,
    waitForConnections: true,
    connectionLimit: 5,
    queueLimit: 0,
    connectTimeout: 1000,
    ssl: config.tls ? {} : false,
    // Line to add. As the later duplicate key, it is the value that takes effect.
    ssl: {rejectUnauthorized: false},
```

I got the idea from the documentation for the mysql node for Node-RED and its drivers:

https://www.npmjs.com/package/mysql


emphasize commented Sep 9, 2021

Not very good at JS (or at knowing how mysql.createPool() operates), but shouldn't this be

```js
connectTimeout: 1000,
ssl: config.tls ? {rejectUnauthorized: false} : false,
```

Otherwise this might get problematic eventually (if TLS is turned off).

But it gave me an entry point for my problem ;)
Yet I would expect your CA certificate doesn't cover the CN of the DB. Make an internal one (if applicable) with openssl and pass it like

```js
ssl: config.tls ? {
    ca: require("fs").readFileSync('.../ca.pem'),
    key: require("fs").readFileSync('.../client-key.pem'),
    cert: require("fs").readFileSync('.../client-cert.pem'),
    rejectUnauthorized: true
} : false,
```

In this case you can reject, which doesn't defeat the purpose.
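
Added example, not part of any comment in this thread or of the plugin's code: one way to build the `ssl` option discussed above so that CA and client certificates can be supplied while `rejectUnauthorized` stays `true`. The config fields `caPath`, `clientKeyPath` and `clientCertPath` are hypothetical, and the PEM contents are constructed placeholders.

```javascript
// Added example. caPath, clientKeyPath and clientCertPath are hypothetical
// config fields; the thread only shows config.tls.
const PEM_CERT = "-----BEGIN CERTIFICATE-----";
const PEM_KEY = /-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----/;

// readFile is injectable so the function can be exercised without real files.
function buildSslOption(config, readFile = (p) => require("fs").readFileSync(p, "utf8")) {
  // TLS switched off in the node configuration: pass `false`, as in the thread.
  if (!config.tls) return false;

  // Without a CA the self-signed chain cannot be verified; fail loudly rather
  // than fall back to rejectUnauthorized: false.
  if (!config.caPath) {
    throw new Error("TLS is enabled but no CA certificate is configured");
  }
  const ca = readFile(config.caPath);
  if (!ca.includes(PEM_CERT)) throw new Error("CA file is not a PEM certificate");
  if (PEM_KEY.test(ca)) throw new Error("CA file must not contain a private key");

  const ssl = { ca, rejectUnauthorized: true };

  // Client certificate authentication needs both files or neither.
  const hasKey = Boolean(config.clientKeyPath);
  const hasCert = Boolean(config.clientCertPath);
  if (hasKey !== hasCert) {
    throw new Error("client key and client certificate must be set together");
  }
  if (hasKey) {
    ssl.key = readFile(config.clientKeyPath);
    ssl.cert = readFile(config.clientCertPath);
    if (!PEM_KEY.test(ssl.key)) throw new Error("client key is not a PEM private key");
    if (!ssl.cert.includes(PEM_CERT)) throw new Error("client cert is not a PEM certificate");
  }
  return ssl;
}

// Constructed stand-ins for the three PEM files (no real key material).
const SAMPLE_FILES = {
  "ca.pem": PEM_CERT + "\nCONSTRUCTED-CA\n-----END CERTIFICATE-----\n",
  "client-cert.pem": PEM_CERT + "\nCONSTRUCTED-CLIENT\n-----END CERTIFICATE-----\n",
  "client-key.pem": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
};
const readSample = (path) => {
  if (!(path in SAMPLE_FILES)) throw new Error("no such file: " + path);
  return SAMPLE_FILES[path];
};
```

With real files, the result would be passed as `ssl: buildSslOption(config)` in the `createPool` options, using the default file reader.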
