Hi,
I use Heroku, Node.js and MySQL, and suddenly I haven't been able to log in to the application.
Prior to not being able to log in I did notice that one of the server connections failed with an SSL error.
I also noticed that the JawsDB/Whitetip dashboard had a notification that said "SSL certificates will be updated on August 22nd, 2024. Applications using SSL/TLS to connect to JawsDB servers should start using the new bundle at their earliest convenience to prevent disruption in service."
I have downloaded the new bundle which is a .pem file.
I assume I need to place this file somewhere in the app file structure, but I'm not sure where, and also complete the SSL custom settings - see screenshot.
I tried placing the file in the node_modules folder and then linked it to the CA cert, but this didn't work.
Hey @NGM, .pem files are key files, and .crt are certificates. I believe these should all be in your bundle? You may need to specify the location of each of them in Wappler for Heroku? Both the Cert and the Key fields should point to their relevant locations within the 'certs' directory. We use Digital Ocean, so forgive my lack of direct assistance regarding the matter, I am unfamiliar with Heroku...
UPDATE: I've gone back to appB, turned SSL on for the db connection, tested the connection and got
Error connecting: self signed certificate in certificate chain - good, as expected.
Added in the .pem file (in folder certs) for the CA certificate and the database connection was good... hurray, as expected.
Deployed appB with SSL turned on and using the .pem file in the CA Cert section and it works fine... great news.
BUT I went through the same steps on appA and we got the Error connecting message, got the database connection OK, but when I came to deploy I got the same self-signed SSL error.
I'm wondering if something isn't being updated in appA when changing to/from SSL and adding the .pem file and removing it?
ALSO I noticed that in the database connection, when you turn SSL on, the next line is JUST profile Amazon RDS. If you cycle through the options (default, custom, etc.), when you get back to Amazon RDS the preceding profile's options remain, so if you went to custom then Amazon RDS you would see fields for key, cert and CA cert.
I still have the problem, but now I'm even more confused as to what the problem is.
I have another app, appB, that accesses the same MySQL database and it works OK. I then checked and SSL was turned off. I then went back to appA and turned SSL off to the same database as appB, but I still have the same problem.
I'm not sure it is to do with the Heroku JawsDB SSL (as appB works and appA doesn't, when SSL is turned off).
I'm now wondering if a rogue self-signed SSL certificate was set up at some time in appA but not appB...
Does anyone know how to see if a rogue self-signed SSL certificate is set up somewhere, or have any other thoughts? At the moment the app doesn't work at all and I have some demos coming up soon.
Error message:
{status: "500", code: "HANDSHAKE_SSL_ERROR", message: "self-signed certificate in certificate chain",…}
code: "HANDSHAKE_SSL_ERROR"
message: "self-signed certificate in certificate chain"
stack: "Error: self-signed certificate in certificate chain\n at TLSSocket. (/app/node_modules/mysql/lib/Connection.js:317:48)\n at TLSSocket.emit (node:events:520:28)\n at TLSSocket._finishInit (node:_tls_wrap:1078:8)\n at ssl.onhandshakedone (node:_tls_wrap:864:12)\n --------------------\n at Protocol._enqueue (/app/node_modules/mysql/lib/protocol/Protocol.js:144:48)\n at Protocol.handshake (/app/node_modules/mysql/lib/protocol/Protocol.js:51:23)\n at Connection.connect (/app/node_modules/mysql/lib/Connection.js:116:18)\n at /app/node_modules/knex/lib/dialects/mysql/index.js:71:18\n at new Promise ()\n at Client_MySQL.acquireRawConnection (/app/node_modules/knex/lib/dialects/mysql/index.js:66:12)\n at create (/app/node_modules/knex/lib/client.js:262:39)"
status: "500"
How about copying the contents of the connection file for the app that works and replacing the contents of the failing connection file with it? Or even recreating the connection again? Backup first though!
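An added example, not from any poster in this thread and not Wappler's own code: a small Node.js check that reads the BEGIN/END labels in a .pem file to see what it actually contains, then builds the `ssl` option the `mysql` driver in the stack trace accepts, so the server chain is verified against the new CA bundle. The function names and the sample PEM text are constructed for illustration; the `certs/` folder is the one mentioned above.

```javascript
// Added example: inspect a PEM bundle and build the `ssl` option for the
// Node "mysql" driver. Helper names are hypothetical, sample data is constructed.
const PEM_BLOCK =
  /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([A-Za-z0-9+\/=\r\n]+?)-----END \1-----/g;

// Split PEM text into { label, pem } entries, one per BEGIN/END block.
function parsePemBundle(text) {
  const blocks = [];
  for (const m of text.matchAll(PEM_BLOCK)) {
    blocks.push({ label: m[1], pem: m[0] + "\n" });
  }
  return blocks;
}

// Return a value for mysql.createConnection({ ssl: ... }) that trusts only
// the certificates in the bundle. Throws when the text is not a CA bundle.
function sslOptionsFromBundle(text) {
  const blocks = parsePemBundle(text);
  if (blocks.some((b) => b.label.endsWith("PRIVATE KEY"))) {
    throw new Error("file contains a private key; it does not belong in the CA field");
  }
  const cas = blocks.filter((b) => b.label === "CERTIFICATE").map((b) => b.pem);
  if (cas.length === 0) {
    throw new Error("no CERTIFICATE blocks found; this is not a CA bundle");
  }
  // rejectUnauthorized stays true: the server chain must verify against `ca`.
  return { ca: cas, rejectUnauthorized: true };
}

// Constructed sample bundle (placeholder base64, not real certificates).
const SAMPLE_BUNDLE = [
  "-----BEGIN CERTIFICATE-----", "Q09OU1RSVUNURUQx", "-----END CERTIFICATE-----",
  "-----BEGIN CERTIFICATE-----", "Q09OU1RSVUNURUQy", "-----END CERTIFICATE-----",
].join("\n") + "\n";

const opts = sslOptionsFromBundle(SAMPLE_BUNDLE);
console.log(opts.ca.length, "CA certificate(s) found in bundle");
// In an app, read the real file with fs.readFileSync("certs/<bundle>.pem", "utf8")
// and pass the result as: mysql.createConnection({ /* host, user, ... */ ssl: opts })
```

If the deployed app still reports "self-signed certificate in certificate chain" with the bundle in place, the `ca` value reaching the driver at runtime is not the new bundle, for example because the file was not included in the deployed slug.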