When trying to implement a Direct MySQL Database connection in Digital Ocean, and after following all the instructions in the document:
I get the following error message:
"Error connecting: self signed certificate in certificate chain" .
I can connect to the database perfectly with Workbench, but not with Wappler.
Thank you very much in advance for your help.
Best.
Jay
Use custom SSL profile and select the CA certificate that you can download from Digital Ocean where you also get your credentials from.
Thanks, the error has disappeared.
By doing what I suggested?
Yes
Similar issue:
It works in the DB manager when testing the connection when doing what you suggested George
It doesn’t work with server connect here:
code: "HANDSHAKE_SSL_ERROR"
message: "self signed certificate in certificate chain"
stack: "Error: self signed certificate in certificate chain\n at TLSSocket.<anonymous> (/opt/node_app/node_modules/mysql/lib/Connection.js:317:48)\n at TLSSocket.emit (events.js:315:20)\n at TLSSocket.EventEmitter.emit (domain.js:529:15)\n at TLSSocket._finishInit (_tls_wrap.js:932:8)\n at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)\n at TLSWrap.callbackTrampoline (internal/async_hooks.js:131:14)\n --------------------\n at Protocol._enqueue (/opt/node_app/node_modules/mysql/lib/protocol/Protocol.js:144:48)\n at Protocol.handshake (/opt/node_app/node_modules/mysql/lib/protocol/Protocol.js:51:23)\n at Connection.connect (/opt/node_app/node_modules/mysql/lib/Connection.js:116:18)\n at /opt/node_app/node_modules/knex/lib/dialects/mysql/index.js:68:18\n at new Promise (<anonymous>)\n at Client_MySQL.acquireRawConnection (/opt/node_app/node_modules/knex/lib/dialects/mysql/index.js:63:12)\n at create (/opt/node_app/node_modules/knex/lib/client.js:290:39)"
status: "500"
I’ve put the certificate in the project root folder and in the .wappler/targets folder
Any ideas?
Update: Quite sure the issue is that the certificate isn’t found. If I change the path to something nonexistant I get the same error
It works in DBeaver with the certificate.
It works in the wappler DB manager, it’s just not working for any of the server actions…
I spent the whole day trying to figure this out, only solution I can think of now is to set rejectUnauthorized: false in the SSL settings (the default SSL option in wappler UI).
But that is not advised for production environments…
Would love any input.
The weirdest thing is that it was working 1 week ago, even have screenshots on the forum proving it’s working. I have not done anything with the db/project settings since that time… Even barely developed in Wappler at all.
Frustrating!
Well obviously if you are entering a ~ user home folder path to your CA certificate, it is only on your computer …
So just copy the CA file in your project and refer to it.
It’s in the project folder. So this is the path generated by the UI. Can you give an example of path to use please?
Thank you!
Tried:
Tried moving it in the root folder:
2021.05.22 13.10 - 2227 - Wobbegongshark
Also by then changing the path to: 
And: 
All the same issue.
You can test it on production by trying to login with any info on smartclasses.app/login - debug is enabled.
.wappler folder is never published to a live server.
It contain sensity info and it is for Wappler only.
Try adding the CA file to another project folder or root
I've tried adding it to the root as you can see in the video, am I using the wrong path there?
Add it under the app folder. In NodeJS only specific folders get published
I put the certificate inthe app folder, then added it using UI which gives this path 
That didn’t work.
Tried these paths also:
All the same error 
So the key works in Wappler database manager but not in production? Did you upload the actual key to your server? I see that you tested most paths, normally when picking the file it should generate the correct path, you could try ./ca-certificate.crt as path.
Correct, database manager works. Production doesn’t (also not in the local docker environment) so I’m thinking the path set up in the database connection json file isn’t working.
I tried ./ca-certificate.crt when putting the file in the root of the project folder:
And by putting it in the /app/ folder:
/.ca-certificate.crt and /app/ca-certificate.crtGiven that I can find the file by using the docker CLI, I think it is uploaded?
Another idea I was thinking of: when googling the handshake error I found some people saying you need to update NPM. I tried that locally and by using the web terminal, otherwise it won’t work in the docker image (I’m guessing because of the wappler node14 dockercompose). Perhaps it has something to do with that?
I swear it was working 2 weeks ago, by just using the GUI. (I’m also back to using wappler 3.9.7 so I don’t think it’s a wappler 4 issue)
Any chance you can help me solve this? It feels insecure to not be using SSL now for the db. We are starting to get users 
Is the error still the same? Self signed certificates are not-trusted by default.
Thanks for coming back to this @patrick.
Yes still the same, just replicated again by doing the same steps that did make it work a long time ago:
The certificate is downloaded from digitalocean and does work when I connect to the db using DBeaver.
Tried a few other paths also:
~.wappler/targets/ca-certificate.crt
.wappler/targets/ca-certificate.crt
This is the error:
{"status":"500","code":"HANDSHAKE_SSL_ERROR","message":"self signed certificate in certificate chain","stack":"Error: self signed certificate in certificate chain\n at TLSSocket.<anonymous> (/opt/node_app/node_modules/mysql2/lib/connection.js:342:54)\n at TLSSocket.emit (events.js:315:20)\n at TLSSocket.EventEmitter.emit (domain.js:529:15)\n at TLSSocket._finishInit (_tls_wrap.js:932:8)\n at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)\n at TLSWrap.callbackTrampoline (internal/async_hooks.js:131:14)"}
Can it have anything to do with Traefik? We changed some settings in there in the last few months.