R
Railway10mo ago
druso12

Installing Server Certificates

Hi! I'm a beginner in programming. I have a FastAPI python app hosted on railway, it connects to sql servers that I host on cockroachlab. In order to access them I need to install certificates, how can I do that within railway? Should I add something to my railway.json? SOmething to do in the backend? This is cockroach certification details if needed... https://www.cockroachlabs.com/docs/cockroachcloud/serverless-faqs?_ga=2.70853075.276180621.1691367821-1769740945.1689318988#what-certificates-do-i-need-to-connect-to-my-cluster Really appreciate your support
CockroachDB Docs
CockroachDB Serverless FAQs
Get answers to frequently asked questions about CockroachDB serverless
Solution:
I've never used cockroachdb before, I wouldn't know the exact steps it would take, but if I came down to it I'd probably do something with openssl and generate the certs during build and then use them during connection to the database
Jump to solution
9 Replies
Percy
Percy10mo ago
Project ID: N/A
druso12
druso1210mo ago
bloody-crown I think... Project ID: 844577de-e491-4f14-ace1-d5f869c15582
Brody
Brody10mo ago
right off the bat that guide says 
When connecting to your cluster using the CockroachDB SQL client or many drivers and ORMs, you don't need to download a root CA certificate and configure your client to use that certificate
When connecting to your cluster using the CockroachDB SQL client or many drivers and ORMs, you don't need to download a root CA certificate and configure your client to use that certificate
are you not using the cockroachDB client or a driver that uses the systems ca certs? because railways deployments should come with ca-certs installed afaik could you show us any error you are getting?
druso12
druso1210mo ago
thank you for your response Brody. When the application tries to write on one my my tables I get  2023-08-08 00:07:44: Error uploading interaction to database: (psycopg2.OperationalError) connection to server at "gpt-cluster-9009.8nj.cockroachlabs.cloud" (35.205.46.41), port 26257 failed: root certificate file "/root/.postgresql/root.crt" does not exist Either provide the file or change sslmode to disable server certificate verification. (Background on this error at: https://sqlalche.me/e/20/e3q8) Just checked: if I set sslmode=require in the connection it works, but the connection is not secure... now I have the connection set with sslmode=require
Brody
Brody10mo ago
what makes you think sslmode=require makes it insecure, that doesn't sound like it disabled ssl
druso12
druso1210mo ago
I see. From https://www.cockroachlabs.com/docs/stable/connection-parameters sslmode=require "Force a secure connection. An error occurs if the secure connection cannot be established." Since I'm not seeing any error it should be connecting securely. I learned something new, thank you for your patience Brody. My requirement of installing a certificate is not necessary anymore for this case. But, to get a better understanding of the topic: would it be necessary for other cases, what would be the way to go? Is it a remote case?
CockroachDB Docs
Client Connection Parameters
This page describes the parameters used to establish a client connection.
Solution
Brody
Brody10mo ago
I've never used cockroachdb before, I wouldn't know the exact steps it would take, but if I came down to it I'd probably do something with openssl and generate the certs during build and then use them during connection to the database
druso12
druso1210mo ago
Thanks!
Brody
Brody10mo ago
no problem! 🙂
Want results from more Discord servers?
Add your server
More Posts
Billing/Payment IssuesRailway has been bouncing me around for some time now. I was made to pay $20 worth of debts which I Project gone from Railway appDeploy python 3.11 error invalid syntaxTraceback (most recent call last): File "main.py", line 9, in <module> from tg.utils import stringDeployed a Ghost site, need to change sitemap.hbs fileHi, I created a new project on Railway from template, no Git repo was linked. Things were great! But404 when loading projectI'm getting a 404 error when loading a project from the Railway dashboardCan't provision anything - Cert is expiredHi folks. The cert for "https://kiwi.railway.app/script.js" seems to be expired and I get an error mexpose HTTP + Websockets for (rather monolithic) Node.js-ApplicationHello everyone. I'm currently trying to set up a nest.js app that uses both https and wss on differeif i upgrade to hobby plan can i download the db file?it's possible?renewis it possible to renew hobby plan before the target end day? for me its 11 aug but i want to renew Database connection issueI'm not sure what happened, but my dev environment went down and when I added a payment and brought