[Docs] Prisma 7 Migration guide does not mention SSL defaults changed when moving from rust engine to node-pg

[arthurfiorette]

This issue is kinda a duplicate of prisma/prisma#28795 but this one just asks to state this information in the documentation and possibly link users to that issue in case of extra problems.

https://www.answeroverflow.com/m/1415722647827775518

Based on the above thread, it seems that previously, invalid SSL certificates were being ignored by Prisma. Since v7 uses node-pg instead of rust engine, the default have changed and migrating to prisma 7 will start throwing User was denied access on the database 'xxx' errors.

The fix is either keep the previous behavior and set:

new PrismaPg({
  connectionString: process.env.DATABASE_URL,
  ssl: { rejectUnauthorized: false },
})

Or to properly set database certificates using either node --use-openssl-ca or by adding NODE_EXTRA_CA_CERTS environment file.

[Ho-s]

I encountered the same issue.

Environment:

• Prisma 7.0 + @prisma/adapter-pg
• AWS RDS PostgreSQL 17
• Docker + Node.js 22

Solution that worked for me:
Using NODE_EXTRA_CA_CERTS environment variable with AWS RDS official certificate:

# Download AWS RDS certificate
wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem

# Set environment variable
NODE_EXTRA_CA_CERTS=/path/to/global-bundle.pem

This way, no need to modify DATABASE_URL. Just set the env var and Node.js automatically trusts the RDS certificate.

+1 for updating the migration guide to mention this SSL behavior change.

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and prompts that you can use with your favorite coding agent.

• Create Plan

Examples

• Example 1
• Example 2

---

🔗 Similar Issues

Related Issues

• db push --skip-generate flag is gone in Prisma 7 #7373
• Upgrade to Prisma ORM 6 - null/undefined behavior change #6752
• WEBSITE: No option for JavaScript in the Getting Started - Quickstart tutorial #7313
• Mention prisma-client generator doesn't require linked dependency #7138
• Doc pointing to the wrong import path for Prisma Client #6794
• Update "Local development for Prisma Accelerate" for Prisma 7 #7377
• SQLite Quickstart is broken #7230
• Add Postico Instructions for PPG Tooling Section #6790

🔗 Related PRs

#7052 - fix: update PostgreSQL connection strings to use db.prisma.io [merged]
#7271 - feat: add mention of mongo support coming for P7 [merged]
#7277 - fix: add SQLite notes [merged]
#7297 - Specify prisma.config.ts file location in Prisma 7 upgrade guide [merged]
#7328 - fix: add callout to resolve studio error [merged]
#7333 - docs(): more v7 updates [merged]
#7346 - Update shadow database configuration instructions [merged]
#7406 - docs: highlight Prisma 7 driver adapter pool defaults and add v6 parity examples [merged]

👤 Suggested Assignees

• ankur-arch
• nurul3101
• jyasskin
• tonypapousek
• goran1010

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!