node-red-contrib-stackhero-mysql icon indicating copy to clipboard operation
node-red-contrib-stackhero-mysql copied to clipboard
verified publisher icon stackhero-io

Error: Self signed certificate in certificate chain

Open dl-lim opened this issue 4 years ago • 2 comments

Any chance of getting rid of this via the plugin?

Would be great if we could provide the client keys and certs here too.

dl-lim avatar Apr 01 '21 17:04 dl-lim

Add to the main.js file under <home/user or root>node-red/node_modules/node-red-contrib-stackhero-mysql/src this code " ssl: {rejectUnauthorized: false},"

 // Note: the connection is not done here
  this.pool = mysql.createPool({
    host: config.host,
    port: config.port,
    user: this.credentials.user,
    password: this.credentials.password,
    database: config.database,
    waitForConnections: true,
    connectionLimit: 5,
    queueLimit: 0,
    connectTimeout: 1000,
    ssl: config.tls ? {} : false,
    ssl: {rejectUnauthorized: false},

I got the idea from the documentation for the mysql node for node red and its drivers:

https://www.npmjs.com/package/mysql

Nikoolayy1 avatar Jul 02 '21 20:07 Nikoolayy1

not pretty good at js (resp. know how mysql.createPool() is operating), but shouldn't this be

connectTimeout: 1000,
ssl: config.tls ? {rejectUnauthorized: false} : false,

otherwise this might get problematic eventually (if tls turned off)

but it gave me an entry point for my problem ;) Yet i would expect your ca-certificate doesn't cover the CN of the db. Make an internal one (if applicable) with openssl and pass it like

ssl: config.tls ? {
            ca : require("fs").readFileSync('.../ca.pem'),
            key : require("fs").readFileSync('.../client-key.pem'),
            cert : require("fs").readFileSync('.../client-cert.pem'),
            rejectUnauthorized: true
        } : false,

in this case you can reject, which doesn't defy the purpose

emphasize avatar Sep 09 '21 16:09 emphasize