How to configure sslmode in Sequelize?

This is my config file for Sequelize:

...
staging: {
    username: process.env.DB_USER,
    password: process.env.DB_PASSWORD,
    database: process.env.DB_NAME,
    host: process.env.DB_HOST,
    dialect: "postgres",
    native: true,
    ssl: "require", // not working
    dialectOptions: {
      project: "demo-db",
    },
    pool: {
      max: 5,
      min: 0,
      acquire: 30000,
      idle: 10000,
    },
  },
...

What is the right way to config in Sequelize to set sslmode=require?

1 Like

Hi, I found that this works. Please try it and let us know.

dialectOptions: {
    ssl: {
    require: true
    }
}

@Daniel thanks for the reply. But getting a new error now:

I am looking at this for the first time myself. With that in mind, here’s a couple of options to try:

  1. Use rejectUnauthorized: false
 dialectOptions: {
    ssl: {
      require: true,
      rejectUnauthorized: false, // <-- Add this line
    },
  },

This essentially disables SSL/TLS certificate validation, which is not recommended from a security perspective.

  1. Specify a root cert file, as in this example:
const { Sequelize } = require('sequelize');
const fs = require('fs');

// Read the certificate file (use the correct path for your certificate file)
const rootCert = fs.readFileSync('/etc/ssl/certs/ca-certificates.crt');

const sequelize = new Sequelize('postgres://<user>:<password>@ep-snowy-unit-123456.us-east-2.aws.neon.tech/neondb', {
  dialectOptions: {
    ssl: {
      require: true,
      ca: rootCert, // Use the root certificate
     }
  }
});

We provide some information here about the location of cert files on different operating systems: Connect to Neon securely — Neon Docs

The cert file path used in the example above is for my Ubuntu machine.

Let us know if you get it working.

rejectUnauthorized: false solves the issue. Here is my complete config for anyone coming in search for Sequelize:

username: process.env.DB_USER,
    password: process.env.DB_PASSWORD,
    database: process.env.DB_NAME,
    host: process.env.DB_HOST,
    dialect: "postgres",
    native: true,
    dialectOptions: {
      project: "bb-core-demo-db",
      ssl: {
        require: true,
        rejectUnauthorized: false,
      },
    },
1 Like