如何配置sequalize&node mysql以使用新的aws rds根证书rds-ca-2019_Mysql_Node.js_Ssl_Sequelize.js_Amazon Rds

如何配置sequalize&node mysql以使用新的aws rds根证书rds-ca-2019

mysql node.js ssl sequelize.js

如何配置sequalize&node mysql以使用新的aws rds根证书rds-ca-2019,mysql,node.js,ssl,sequelize.js,amazon-rds,Mysql,Node.js,Ssl,Sequelize.js,Amazon Rds,随着AWS在2019年更改rds服务的根ssl证书，2015年起的旧证书将于2020年3月3日失效。看如何配置sequalize以使用新的rds-ca-2019证书 // current sequalize aws rds configuration as of working with 2015 cert var sequelizeConfig = { ... host: "xyz.rds.amazonaws.com", dialectOptions": { ssl: '

随着AWS在2019年更改rds服务的根ssl证书，2015年起的旧证书将于2020年3月3日失效。看

如何配置sequalize以使用新的rds-ca-2019证书

// current sequalize aws rds configuration as of working with 2015 cert
var sequelizeConfig = {
  ...
  host: "xyz.rds.amazonaws.com",
  dialectOptions": {
    ssl: 'Amazon RDS'
  }
}

我无法找到任何使用

手动添加证书的选项。我认为不应在池内定义DiagnolOptions参数，而应在池外定义

像这样：

const sequelize = new Sequelize(dbname, username, password, {
  host: 'host name',
  dialect: 'mysql',
  dialectOptions: {
    ssl: 'Amazon RDS'
  },
  pool: {
    ...
  }
});

const sequelize = new Sequelize(dbname, username, password, {
  host: 'host name',
  dialect: 'mysql',
  ssl: 'Amazon RDS'
  dialectOptions: {
    ...
  },
  pool: {
    ...
  }
});

或者像这样：

const sequelize = new Sequelize(dbname, username, password, {
  host: 'host name',
  dialect: 'mysql',
  dialectOptions: {
    ssl: 'Amazon RDS'
  },
  pool: {
    ...
  }
});

const sequelize = new Sequelize(dbname, username, password, {
  host: 'host name',
  dialect: 'mysql',
  ssl: 'Amazon RDS'
  dialectOptions: {
    ...
  },
  pool: {
    ...
  }
});

确保更新到最新的节点mysql包，这可能会在将来解决此问题

到目前为止，新的aws rds-ca-2019 ca证书似乎尚未合并

未经ca验证的临时修复程序：

var sequelizeConfig = {
  ...
  host: "xyz.rds.amazonaws.com",
  dialectOptions: {
    ssl: true
  }
}

// get rds-ca-2019 certificate directly from aws https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem to ensure validity!!!
const fs = require('fs');
const rdsCa = fs.readFileSync(__dirname + '/rds-ca-2019-root.pem');

var sequelizeConfig = {
  ...
  host: "xyz.rds.amazonaws.com",
  dialectOptions: {
    ssl: {
      rejectUnauthorized: true,
      ca: [rdsCa]
    }
  }
}

并通过证书验证：

var sequelizeConfig = {
  ...
  host: "xyz.rds.amazonaws.com",
  dialectOptions: {
    ssl: true
  }
}

// get rds-ca-2019 certificate directly from aws https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem to ensure validity!!!
const fs = require('fs');
const rdsCa = fs.readFileSync(__dirname + '/rds-ca-2019-root.pem');

var sequelizeConfig = {
  ...
  host: "xyz.rds.amazonaws.com",
  dialectOptions: {
    ssl: {
      rejectUnauthorized: true,
      ca: [rdsCa]
    }
  }
}

thx@jarmod用于链接和显示解决方案的帖子

为什么需要手动配置如果要验证证书，请参阅Thank you@jarmod，博客帖子似乎包含带有ca选项的解决方案。将在接下来的几天内试用。@a取消ca根证书更改，因此据我所知，应用程序需要知道新的公钥，否则它将无法再连接到数据库。不确定，sequelize从哪里获得证书？或者你认为它是自动保存的？thx jarmod，post提供的解决方案你尝试了哪种方法我的代码两种配置选项似乎都有效，但是，如果我将rds更改为新的证书，我想我需要告诉节点应用程序新的根证书。我想@jarmod链接的博客文章包含带有ca config参数的解决方案。我将在接下来的几天内尝试。将配置复制到stackoverflow会导致错误。更正了我的配置，所以问题来自mysql包。