
Bug Report: self-signed certificate in certificate chain when using pgvector on RDS PostgreSQL with SSL

Open haydarmiezanie opened this issue 4 months ago • 4 comments

Describe the bug

When setting up Document Store in Flowise using pgvector on AWS RDS PostgreSQL (SSL required), Flowise fails to insert or retrieve data and returns a 500 Internal Server Error.

The error message indicates a TLS/SSL issue:

Status: 500
Error: documentStoreServices.insertIntoVectorStoreMiddleware 
- Error: documentStoreServices.insertIntoVectorStore 
- Error: documentStoreServices._insertIntoVectorStoreWorkerThread 
- Error: self-signed certificate in certificate chain

This happens even when intentionally using an incorrect password, suggesting the issue occurs during the SSL handshake, not authentication. A standalone Python or Node.js test script can connect to the same RDS host using SSL successfully, so the database itself works fine.

To Reproduce

  1. Create an RDS PostgreSQL instance with:
    • SSL mode: require
    • Extension: pgvector enabled
  2. Run Flowise (Terraform using ECS Fargate)
  3. Configure Flowise Document Store connection
  4. Add a Document Store and upsert all chunks
  5. Set up embedding using gemini API, vector store & record manager using postgres with SSL enabled
  6. Observe that the UI shows “Oh snap!” and returns a 500 error.

Expected behavior

Flowise should:

  • Successfully connect to AWS RDS PostgreSQL with SSL enabled (sslmode=require or verify-ca).
  • Properly trust AWS RDS’s CA chain during SSL negotiation.
  • Allow insertion and retrieval of document vectors without failure.

Screenshots

SSL: Image Result: Image

Flow

Flow setup:

  • Vector store: pgvector
  • Host: AWS RDS PostgreSQL (SSL required)
  • Flow action: inserting documents via Document Store
  • Deployment: ECS Fargate (Amazon Linux 2)

Use Method

Docker

Flowise Version

3.0.7

Operating System

Linux

Browser

Chrome

Additional context

  • Verified that connection works externally:
    • Tested with standalone Node.js + pg client and Python + psycopg2 → both connect fine.
  • The same error persists even if credentials are invalid, meaning it fails before authentication.
  • The likely root cause is that Flowise’s internal documentStoreServices doesn’t pass SSL parameters or CA certificates when using PostgreSQL.
  • A potential fix:
    • Add environment variable or config option for SSL, e.g.:
      PGSSLMODE=require
      PGSSLROOTCERT=/path/to/rds-combined-ca-bundle.pem
      
  • Suggested improvement: support for trusted CA bundles (RDS certificates) or full ssl configuration in Flowise’s database connection layer.

haydarmiezanie avatar Oct 05 '25 11:10 haydarmiezanie

  • [ ]

orxanhuseynzade47-del avatar Oct 10 '25 01:10 orxanhuseynzade47-del

I've just run into this bug as well. I needed a way to make this work and found that setting

NODE_TLS_REJECT_UNAUTHORIZED: 0

will get you past the error, HOWEVER I would NOT recommend setting that in production or public facing deployments. It will essentially disable node's SSL validation. Better would be to have the AWS CAs included, or the ability to import external CAs.

zindello avatar Oct 15 '25 02:10 zindello
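
The alternative to the process-wide workaround above is to hand the database client the RDS CA bundle for that one connection. The sketch below is an added example, not part of the thread and not Flowise code: `buildPgSslConfig` is a hypothetical helper, and reading `PGSSLMODE` / `PGSSLROOTCERT` (the variables proposed in the issue) this way is an assumption about how an application could consume them.

```javascript
// Added example (not Flowise code). buildPgSslConfig is a hypothetical helper that
// turns the PGSSLMODE / PGSSLROOTCERT variables proposed in the issue into the
// `ssl` option node-postgres hands to tls.connect().
const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

function buildPgSslConfig(env, readFile) {
  // fs is loaded lazily so a caller (or a test) can inject its own reader.
  const read = readFile || ((p) => require('node:fs').readFileSync(p, 'utf8'));

  // The workaround from the thread switches off validation for every TLS
  // connection in the process, so refuse to start with it set.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    throw new Error('NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate validation');
  }

  const mode = env.PGSSLMODE || 'verify-full';
  if (mode === 'disable') return false;
  if (!['require', 'verify-ca', 'verify-full'].includes(mode)) {
    throw new Error(`unsupported PGSSLMODE: ${mode}`);
  }

  // Without PGSSLROOTCERT, Node's default trust store is used.
  const ssl = { rejectUnauthorized: true };
  if (env.PGSSLROOTCERT) {
    const certs = read(env.PGSSLROOTCERT).match(PEM_CERT);
    if (!certs) throw new Error(`no PEM certificates in ${env.PGSSLROOTCERT}`);
    ssl.ca = certs; // trust only these roots for this connection
  }
  // verify-ca checks the chain but not the host name; libpq treats `require`
  // the same way once a root certificate file is supplied.
  if (mode === 'verify-ca' || (mode === 'require' && ssl.ca)) {
    ssl.checkServerIdentity = () => undefined;
  }
  return ssl;
}

// Constructed input: placeholder PEM blocks, not real certificates.
const sampleBundle = ['AAAA', 'BBBB']
  .map((b) => `-----BEGIN CERTIFICATE-----\n${b}\n-----END CERTIFICATE-----`)
  .join('\n');
const sampleEnv = { PGSSLMODE: 'verify-full', PGSSLROOTCERT: '/constructed/path/bundle.pem' };
const sampleSsl = buildPgSslConfig(sampleEnv, () => sampleBundle);
console.log(sampleSsl.ca.length, sampleSsl.rejectUnauthorized);
```

The returned object is what would be passed as `ssl` to a node-postgres `Pool` or `Client`; certificate validation stays on in every mode except `disable`.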

The same issue with self-hosted postgresdb and flowise on Linux... (version 3.0.8 of flowise)

mzwk11 avatar Oct 22 '25 08:10 mzwk11

@haydarmiezanie try pgbouncer as a TLS proxy. It worked fine for me.

mzwk11 avatar Oct 24 '25 08:10 mzwk11