How to connect via SSL to sequelize DB

I can't seem to find any documentation for SEQUELIZE.JS on how to use a CA.crt in order to enable connection to my database sitting on a remote server.

I figure it's something in the options, but I can't seem to figure it out.

I have tried

{
  'ssl': true,
  'dialectOptions': {
    ssl: {
      ca: 'path/to/ca'
    }
  }
}

and a few other things, but nothing seems to work for me.

Can anybody help me?

Edit:

Here is an error I get when using the ca thing:

error connecting to db { Error: unable to verify the first certificate
at TLSSocket.<anonymous>
Travis Delly asked May 13 '17 03:05



1 Answer

As you don't mention the backend DB of choice, I'll give a mysql sample and how I'd suggest you go about it.

First, confirm the connection using the dialect directly, so for mysql2 supplying variables as necessary:

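import mysql from 'mysql2';

// cKey, cCert and cCA hold the PEM contents of the client key,
// client certificate and CA certificate (see the note below).
const connection = mysql.createConnection({
  host: dbVars.host,
  user: dbVars.user,
  database: dbVars.database,
  password: dbVars.password,
  ssl: {
    key: cKey,
    cert: cCert,
    ca: cCA
  }
});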

Once that connection is confirmed, move it to Sequelize as:

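import { Sequelize } from 'sequelize';

// Same TLS material as above, passed through to the driver via dialectOptions.
const sequelize = new Sequelize(dbVars.database, dbVars.user, dbVars.password, {
  host: dbVars.host,
  dialect: 'mysql',
  dialectOptions: {
    ssl: {
      key: cKey,
      cert: cCert,
      ca: cCA
    }
  }
});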

Note: loading the certs properly was a learning curve and required a direct import using a raw-loader. Example:

import cKey from 'raw-loader!../certs/client-key.pem'; 
Mark answered Sep 19 '22 18:09
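An added example, not part of the answer above or of Sequelize/mysql2: Node's TLS `ca` option takes certificate contents rather than a file path, so this sketch reads a CA bundle with `fs`, checks that it really contains PEM certificates, and builds the `dialectOptions` object with verification left on. The helper names, the temp-file demo and the placeholder certificate bodies are assumptions constructed for illustration, and it assumes a plain Node process with file system access rather than a webpack build.

```javascript
// Added example: hypothetical helpers, not part of Sequelize or mysql2.
const fs = require('fs');
const os = require('os');
const path = require('path');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Read a CA bundle from disk and return its PEM certificate blocks.
// Throws when the file holds no certificate (wrong file, e.g. a private key).
function loadCaBundle(caPath) {
  const text = fs.readFileSync(caPath, 'utf8');
  const certs = text.match(PEM_CERT) || [];
  if (certs.length === 0) {
    throw new Error(`${caPath}: no PEM certificate found`);
  }
  return certs;
}

// Build dialectOptions for Sequelize. `ca` must be PEM text or Buffers
// (one or many); a bare file path string is rejected before connecting.
function buildDialectOptions(ca) {
  const list = Array.isArray(ca) ? ca : [ca];
  for (const item of list) {
    const s = Buffer.isBuffer(item) ? item.toString('utf8') : String(item);
    if (!/-----BEGIN CERTIFICATE-----/.test(s)) {
      throw new TypeError('ssl.ca must be PEM contents, not a file path');
    }
  }
  // Keep certificate verification on; never disable it to silence an error.
  return { ssl: { ca: list, rejectUnauthorized: true } };
}

// Constructed demo: a placeholder two-certificate bundle (not real certificates).
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'ca-demo-'));
  const caPath = path.join(dir, 'ca.pem');
  const block = (body) => `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
  fs.writeFileSync(caPath, block('PLACEHOLDERROOT') + block('PLACEHOLDERINTERMEDIATE'));
  const opts = buildDialectOptions(loadCaBundle(caPath));
  let pathRejected = false;
  try { buildDialectOptions('path/to/ca'); } catch (e) { pathRejected = e instanceof TypeError; }
  fs.rmSync(dir, { recursive: true, force: true });
  return { count: opts.ssl.ca.length, strict: opts.ssl.rejectUnauthorized, pathRejected };
}
// Assumed usage: new Sequelize(db, user, pass, { host, dialect: 'mysql',
//   dialectOptions: buildDialectOptions(loadCaBundle('certs/ca.pem')) })
```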