Database SSL
If you’re using SSL for your database connection or encountering certificate errors, this guide shows how to configure SSL properly using the config.sql option.
Configuring SSL
The config.sql option gives you full control over the postgres.js client, including SSL settings. For proper certificate verification, you need to provide the CA certificate and enable verification:
```typescript
import { EdgeWorker } from "@pgflow/edge-worker";
import postgres from "postgres";
import { MyFlow } from "../../flows/index.ts";

const url = Deno.env.get("EDGE_WORKER_DB_URL")!;
const ca = Deno.env.get("DATABASE_CA_CERT")!;

const sql = postgres(url, {
  prepare: false, // Required for transaction pooling
  ssl: {
    ca,
    rejectUnauthorized: true,
  },
});

EdgeWorker.start(MyFlow, { sql });
```

Setting Up the CA Certificate
- In your Supabase project dashboard, go to Database → Settings
- Scroll to SSL Configuration and click Download certificate
- This downloads a prod-ca-2021.crt file containing a PEM certificate:

  ```
  -----BEGIN CERTIFICATE-----
  MIIDxDCCAqygAwIBAgIUbLxM...
  ...multiple lines of encoded data...
  -----END CERTIFICATE-----
  ```
- Store the file contents as a Supabase secret under DATABASE_CA_CERT:

  ```bash
  npx supabase secrets set DATABASE_CA_CERT="$(cat prod-ca-2021.crt)"
  ```

The code example above reads this certificate from Deno.env.get("DATABASE_CA_CERT").
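A fail-closed check for the value read from DATABASE_CA_CERT, shown as an added example that is not pgflow or postgres.js code. The names buildSslOptions, VerifiedSsl and SAMPLE_ESCAPED_CA are hypothetical; the helper checks PEM shape only (it does not parse X.509), and rejecting content outside certificate blocks is a deliberately strict assumption.

```typescript
// Added example; buildSslOptions is a hypothetical helper, not a pgflow or postgres.js API.
interface VerifiedSsl {
  ca: string;
  rejectUnauthorized: true;
}

const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g;
const PEM_MARKER = /-----(BEGIN|END) CERTIFICATE-----/g;
const BASE64_BODY = /^[A-Za-z0-9+\/]+={0,2}$/;

function buildSslOptions(rawCa: string | undefined): VerifiedSsl {
  if (!rawCa || rawCa.trim() === "") {
    // Fail closed: a missing secret must not lead to an unverified connection.
    throw new Error("DATABASE_CA_CERT is not set");
  }
  // Some secret stores keep line breaks as the two characters "\" and "n".
  const pem = rawCa.replace(/\\n/g, "\n").replace(/\r\n/g, "\n").trim();

  const blocks: string[] = pem.match(PEM_BLOCK) || [];
  if (blocks.length === 0) {
    throw new Error("DATABASE_CA_CERT has no PEM certificate block");
  }
  // Reject anything outside the certificate blocks (a private key, stray text).
  if (pem.replace(PEM_BLOCK, "").trim() !== "") {
    throw new Error("DATABASE_CA_CERT has content outside certificate blocks");
  }
  const certs = blocks.map((block) => {
    const body = block.replace(PEM_MARKER, "").replace(/\s+/g, "");
    if (body.length % 4 !== 0 || !BASE64_BODY.test(body)) {
      throw new Error("DATABASE_CA_CERT contains a malformed certificate block");
    }
    // Re-wrap at 64 columns so the TLS layer receives canonical PEM.
    const lines: string[] = body.match(/.{1,64}/g) || [];
    return ["-----BEGIN CERTIFICATE-----"].concat(lines, ["-----END CERTIFICATE-----"]).join("\n");
  });
  // rejectUnauthorized is always true; there is no code path that disables verification.
  return { ca: certs.join("\n") + "\n", rejectUnauthorized: true };
}

// Constructed sample (not a real certificate): escaped newlines, as a mis-set secret might hold.
const SAMPLE_ESCAPED_CA = "-----BEGIN CERTIFICATE-----\\nQUJDREVGR0g=\\n-----END CERTIFICATE-----";
const sampleSsl = buildSslOptions(SAMPLE_ESCAPED_CA);
console.log(sampleSsl.ca);
```

In the worker, the result would be passed as `ssl: buildSslOptions(Deno.env.get("DATABASE_CA_CERT"))` in the `postgres(url, { ... })` call, so a missing or mangled secret stops startup instead of surfacing later as a certificate error.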
SSL Options Reference
postgres.js passes the ssl object to Node.js TLS. Common options:
| Option | Description |
|---|---|
| ca | CA certificate content (PEM string) |
| rejectUnauthorized | Verify server certificate (recommended: true) |
See Also
- Database connection: Overview of connection options and priority chain
- Troubleshooting connections: Fix common connection errors