SSL Certificates Required for Database Access

I just tried a fresh install of Forest Admin for our database that’s locked behind a shield space on Heroku. Access requires an IP address to be whitelisted and SSL certificates to be used. Everything works on psql if I supply execute the following:

export DATABASE_URL=postgres://user:pass@host:5432/db
export PGSSLCERT=postgresql.crt
export PGSSLKEY=postgresql.key
export PGSSLROOTCERT=root.crt
psql "${DATABASE_URL}?sslmode=verify-ca"

With lumber generate I’m getting the following error:

✖ Connecting to your database
> Cannot connect to the database due to the following error:
> SequelizeConnectionError: connection requires a valid client certificate

I’m not sure how to supply the certificates to the generate command.

Thanks!

Hello @fny,

Welcome to the Forest Admin community !

Can you try to add the variables listed in your question to your .env file in your project folder?
You can also add ?sslmode=verify-ca to DATABASE_URL in the same file.

I can’t event get “lumber generate” to create a folder.

Maybe you can try to usr URL parameters instead of environment variables?
This should look like:

postgres://user:pass@host:5432/db?sslcert=postgresql.crt&sslkey=postgresql.key&sslrootcert=root.crt&sslmode=verify-ca

The variable / parameter mapping can be found here https://www.postgresql.org/docs/9.3/libpq-envars.html

This doesn’t work either. Is there anyway to get a lumber app generated without the database connection so I can try to configure it directly?

1 Like

Hi there @fny :wave:t3:

Since your database is locked behind a shield space, I am guessing we are talking about production/staging grade data. We do not recommend installing Forest Admin atop such a database for a start since you will be generating an app locally run on your machine (development environment).

To this end, I suggest you create an export/dump of this database and spin up a local instance, here’s a guide from Heroku docs - https://devcenter.heroku.com/articles/heroku-postgres-import-export.

Hope this helps :raised_hands:t3:

1 Like

i have the same probleme with my connection with the postgres, the DB is created using scalegrid and i have only one certificat

.env file
DATABASE_URL=postgres:db:port/postgres?sslca=/etc/ssl/postgresql.crt&sslmode=require
NODE_ENV=production
DATABASE_SSL=true

logs in the backend server