We are trying to connect our N8N with our managed AWS Postgres. It works perfectly without SSL enabled, but when we enable the SSL, we get the following error: " unable to get local issuer certificate". We are using the RDS CA and set this option “DB_POSTGRESDB_SSL_REJECT_UNAUTHORIZED” to false as recommended in [1]
In our Dockerfile, we are passing the following environmental variables as follows:
I have no experience in running Postgres over SSL, but shouldn’t you use the DB_POSTGRESDB_SSL_CERT key instead of DB_POSTGRESDB_SSL_CA?
Another important point is that your n8n instance needs to be able to connect to the Certificate Authority (which I believe requires internet access). That is also worth checking in your networking settings.
Let me know if you make progress. I hope this helps.
From what I understand after reading this Medium article [1], the “ssl.ca” entry should point to the AWS RDS root certificate, meaning “ssl.ca” in the n8n code [1]. And this variable is initialized from the environmental variable “DB_POSTGRESDB_SSL_CA”
Afais DB_POSTGRESDB_SSL_CA accepts a certificate and not a certificate pathname as highlighted in the documentation [1] ? Could we please update the code as follows:
Because it is not. Would not be great to have to define every variable twice just for that. It simply checks on runtime for each of them if it exists or not:
We found the issue. In the Postgres node (via UI), we cannot specify the CA file when enabling the SSL mode. By modifying the code as follows, we made it work.
So just to clarify, are you trying to use SSL to a Postgres instance that is being used as n8n’s backend or are you trying to set up SSL for a node that connects to a Postgres instance on AWS, with no relation to n8n’s backend database?
In the first case, the suggestion from Jan solves the issue, but for the second case, then it is really not possible at the moment. In this case, instead of reading from a fixed file I would suggest pasting in the contents of the files as part of the credentials. This would work better.
“”"
you trying to set up SSL for a node that connects to a Postgres instance on AWS, with no relation to n8n’s backend database
“”"
→ we are trying to address this issue.
“”"
In this case, instead of reading from a fixed file I would suggest pasting in the contents of the files as part of the credentials. This would work better.
“”"
→ both ways would work for us