Hi all,
I was playing around with PostgreSQL on my local network and everything went very well, until I changed the database to a cloud server. Now I receive the error: "Self Signed Certificate in Certificate Chain". I assume this is because the SSL is now true.
The certificate provided by the cloud server looks like this:
Here is my very simple flow just to upload first data to the database:
So, how do I fix this error? Where can I insert my CA-certificate into the flow? Sorry, I'm completely new to networking and security functions.
I found some people suggesting disabling the authorization, but to keep the data safe, it is clearly not an ideal solution, right?
Also, I am using node-red-contrib-postgrestor-next.
Node-RED version: v2.0.5
Node.js version: v14.17.4
So when a certificate is created, it has a cascade of trust from a "Root Certificate Authority" or RootCA. Each step of the chain of certificates is "signed" by the parent. In this way you get a trusted certificate chain.
Now, if you create your own certificates locally using OpenSSL, you are using a "self-signed" certificate because you don't have a real RootCA.
So if you try and use such a certificate with a public service, the service will try to validate the chain because otherwise it cannot trust the certificate. With a self-signed cert, it cannot do this because it doesn't know about your pseudo-root.
There are various approaches to fixing this issue:
1. Get the service to ignore the error - really not a good idea because someone else could now pretend to be you.
2. Give the service a root CA to trust - while this works ok with local browsers, it generally won't be possible on cloud services unless you own the underlying infrastructure.
3. Get a "proper" certificate that has been signed by a RootCA that is widely recognised.
This last one is really the only viable choice. There are now several free services that will give you a certificate like this. However, most people are now using Let's Encrypt. There are a number of older threads in the forum that talk about LE and how to get Node-RED set up using LE certs and that may give you the clues you need to get your requirements working.
Just to be specific, I am using a PostgreSQL database on DigitalOcean, which provided a RootCA to be downloaded.
I just don't know how to insert that certificate into Node-RED. I'll look into old threads in the forum about LE, maybe I can get some ideas out of them.
Thank you for the reply. After learning some TLS configuration and trying @digitaloak/node-red-contrib-digitaloak-postgresql, I still have errors with authentication.
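
On the question of where the downloaded CA certificate goes: the following is an added example (not code from the thread or from either Node-RED node) that hands a provider CA file to the node-postgres `pg` driver while leaving certificate verification on. It assumes `pg` is installed and used directly; the function names, `caPath` and `conn` are hypothetical.

```javascript
// Added example: names and inputs are hypothetical, not taken from the thread.
const PEM_BLOCK = /-----BEGIN ([A-Z ]+)-----([\s\S]*?)-----END \1-----/g;

// Split a CA bundle into certificates and reject the usual mix-ups
// (a file path instead of file contents, a private key, a truncated body).
function parseCaBundle(pemText) {
  if (typeof pemText !== 'string' || !pemText.includes('-----BEGIN')) {
    throw new Error('expected PEM text (file contents), not a path or empty value');
  }
  const certs = [];
  for (const [block, label, body] of pemText.matchAll(PEM_BLOCK)) {
    if (label !== 'CERTIFICATE') {
      throw new Error(`unexpected PEM block "${label}"; a CA file holds certificates only`);
    }
    const der = Buffer.from(body.replace(/\s+/g, ''), 'base64');
    // Every X.509 certificate is a DER SEQUENCE, so its first byte is 0x30.
    if (der.length === 0 || der[0] !== 0x30) {
      throw new Error('certificate body is not base64-encoded DER');
    }
    certs.push(block);
  }
  if (certs.length === 0) throw new Error('no complete CERTIFICATE block found');
  return certs;
}

// Value for the driver's `ssl` field: trust only the supplied CA and
// keep chain verification enabled (never rejectUnauthorized: false).
function buildSslOptions(pemText) {
  return { ca: parseCaBundle(pemText), rejectUnauthorized: true };
}

// Connect with node-postgres. `caPath` is the downloaded CA file and `conn`
// holds host, port, user, password and database; both come from the caller.
async function connectVerified(caPath, conn) {
  const { readFile } = await import('fs/promises');
  const pg = (await import('pg')).default;
  const ssl = buildSslOptions(await readFile(caPath, 'utf8'));
  const client = new pg.Client({ ...conn, ssl });
  await client.connect(); // rejects if the server chain does not lead to the CA
  return client;
}
```

The `ssl` object is passed through to Node's TLS layer, so the same `ca` and `rejectUnauthorized` fields apply wherever a node exposes the driver's TLS options.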