Supabase CRT file Error for Postgre SSL

Questions and Answers
1

When it happened

The database is working well when SSL is off, when I turn on SSL, it’s broken with ERROR:

┌──────────────────────────────────────────────────────────────────────────────────────────────────┐
│                                                                                                  │
│   Error: error:0909006C:PEM routines:get_name:no start line                                      │
│   at node:internal/tls/secure-context:70:13                                                      │
│   at Array.forEach (<anonymous>)                                                                 │
│   at setCerts (node:internal/tls/secure-context:68:3)                                            │
│   at configSecureContext (node:internal/tls/secure-context:157:5)                                │
│   at Object.createSecureContext (node:_tls_common:116:3)                                         │
│   at Object.connect (node:_tls_wrap:1659:48)                                                     │
│   at getSecureStream

What I did

SSL file: downloaded prod-ca-2021.crt from Supabase and saved it at the strapi root folder.
Changed .env file only with:

DATABASE_SSL=true
DATABASE_SSL_CERT="./prod-ca-2021.crt"

The prod-ca-2021.crt file content seems in right format:

-----BEGIN CERTIFICATE-----
MIIDxDCCAqygAwIBAgIUbLxMod62P2ktCiAkxnKJwtE9VPYwDQYJKoZIhvcNAQEL
...
...
CMTyZKG3XEu5Ghl1LEnI3QmEKsqaCLv12BnVjbkSeZsMnevJPs1Ye6TjjJwdik5P
o/bKiIz+Fq8=
-----END CERTIFICATE-----

I checked the supabase, strapi documents and dozen of web pages from google searching but haven’t find a solution. Appreciate any input.

System Information
  • Strapi Version: 4.15.4
  • Operating System: Macos 12.7.1
  • Database: (from Supabase) PostgreSQL 15.1 (Ubuntu 15.1-1.pgdg20.04+1) on aarch64-unknown-linux-gnu.
  • NPM Version: 9.6.7
  • Yarn Version: 1.22.21
1 Like
2

Hi Vigogear,
I am experiencing this right now. Did you get a solution for it?

3

To read the certificate, within config/databases.ts you must have ssl configured this way:

      connection: {
        connectionString: env('DATABASE_URL'),
        host: env('DATABASE_HOST', 'localhost'),
        port: env.int('DATABASE_PORT', 5432),
        database: env('DATABASE_NAME', 'strapi'),
        user: env('DATABASE_USERNAME', 'strapi'),
        password: env('DATABASE_PASSWORD', 'strapi'),
        ssl: env.bool('DATABASE_SSL', true) && {
          ca: fs
            .readFileSync(env('DATABASE_SSL_CERT_PATH', './`certificate.crt'))
            .toString(),
          rejectUnauthorized: env.bool('DATABASE_SSL_REJECT_UNAUTHORIZED', true)
        },
        schema: env('DATABASE_SCHEMA', 'public')
      },
      pool: {
        min: env.int('DATABASE_POOL_MIN', 2),
        max: env.int('DATABASE_POOL_MAX', 10)
      }
    }``