R
Railway16mo ago
druso12

Installing Server Certificates

Hi! I'm a beginner in programming. I have a FastAPI python app hosted on railway, it connects to sql servers that I host on cockroachlab. In order to access them I need to install certificates, how can I do that within railway? Should I add something to my railway.json? SOmething to do in the backend? This is cockroach certification details if needed... https://www.cockroachlabs.com/docs/cockroachcloud/serverless-faqs?_ga=2.70853075.276180621.1691367821-1769740945.1689318988#what-certificates-do-i-need-to-connect-to-my-cluster Really appreciate your support
CockroachDB Docs
CockroachDB Serverless FAQs
Get answers to frequently asked questions about CockroachDB serverless
Solution:
I've never used cockroachdb before, I wouldn't know the exact steps it would take, but if I came down to it I'd probably do something with openssl and generate the certs during build and then use them during connection to the database
Jump to solution
9 Replies
Percy
Percy16mo ago
Project ID: N/A
druso12
druso12OP16mo ago
bloody-crown I think... Project ID: 844577de-e491-4f14-ace1-d5f869c15582
Brody
Brody16mo ago
right off the bat that guide says 
When connecting to your cluster using the CockroachDB SQL client or many drivers and ORMs, you don't need to download a root CA certificate and configure your client to use that certificate
When connecting to your cluster using the CockroachDB SQL client or many drivers and ORMs, you don't need to download a root CA certificate and configure your client to use that certificate
are you not using the cockroachDB client or a driver that uses the systems ca certs? because railways deployments should come with ca-certs installed afaik could you show us any error you are getting?
druso12
druso12OP16mo ago
thank you for your response Brody. When the application tries to write on one my my tables I get  2023-08-08 00:07:44: Error uploading interaction to database: (psycopg2.OperationalError) connection to server at "gpt-cluster-9009.8nj.cockroachlabs.cloud" (35.205.46.41), port 26257 failed: root certificate file "/root/.postgresql/root.crt" does not exist Either provide the file or change sslmode to disable server certificate verification. (Background on this error at: https://sqlalche.me/e/20/e3q8) Just checked: if I set sslmode=require in the connection it works, but the connection is not secure... now I have the connection set with sslmode=require
Brody
Brody16mo ago
what makes you think sslmode=require makes it insecure, that doesn't sound like it disabled ssl
druso12
druso12OP16mo ago
I see. From https://www.cockroachlabs.com/docs/stable/connection-parameters sslmode=require "Force a secure connection. An error occurs if the secure connection cannot be established." Since I'm not seeing any error it should be connecting securely. I learned something new, thank you for your patience Brody. My requirement of installing a certificate is not necessary anymore for this case. But, to get a better understanding of the topic: would it be necessary for other cases, what would be the way to go? Is it a remote case?
CockroachDB Docs
Client Connection Parameters
This page describes the parameters used to establish a client connection.
Solution
Brody
Brody16mo ago
I've never used cockroachdb before, I wouldn't know the exact steps it would take, but if I came down to it I'd probably do something with openssl and generate the certs during build and then use them during connection to the database
druso12
druso12OP16mo ago
Thanks!
Brody
Brody16mo ago
no problem! 🙂
Want results from more Discord servers?
Add your server