5
I followed this tutorial to create both a root CA certificate and then used it to sign a key for the mongod server. I run mongod with this configuration, by following this doc:
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /home/user/device.pem
    CAFile: /home/user/rootCA.pem
    allowInvalidCertificates: true
    allowInvalidHostnames: true
The 2 last ones I added since I am getting a connection failure.
I'm using these lines to connect:
./mongo <host>:<port>/<db> -u <user> -p <pwd> --ssl --sslAllowInvalidCertificates --sslCAFile ~/Downloads/rootCA.pem
./mongo <host>:<port>/<db> -u <user> -p <pwd> --ssl --sslAllowInvalidCertificates
./mongo <host>:<port>/<db> -u <user> -p <pwd> --ssl
But all of these produce:
MongoDB shell version v3.4.2
connecting to: mongodb://<host>:<port>/<db>
2017-03-30T14:39:15.307+0300 E NETWORK [thread1] SSL peer certificate validation failed: self signed certificate
2017-03-30T14:39:15.311+0300 E QUERY [thread1] Error: socket exception [CONNECT_ERROR] for SSL peer certificate validation failed: self signed certificate :
connect@src/mongo/shell/mongo.js:237:13
@(connect):1:6
exception: connect failed
Any idea what I am doing wrong? I know it's a self signed certificate. Will appreciate your help.
Also tried following the answer in here: https://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority/21340898#21340898
2 Are you sure that clients have to have certificates? I understood that's the case only if I specify the CAFile parameter as well. Regarding security, of course I'm only trying to relax the restrictions as far as possible to make the connection work and then restrict it again once I figure out what is wrong, and it's not production and doesn't have any data in it at all... – sagioto – 2017-04-03T11:31:14.393
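A check for the "self signed certificate" error shown in the question, as an added example that is not part of the original post or its comments: it tells apart a server certificate that names itself as issuer from one that chains to the root CA, using the `openssl` command line. The function names `make_sample_pki` and `check_chain`, the subjects and the generated files are constructed for illustration.

```shell
#!/bin/sh
# Added example: test whether a server certificate chains to a given root CA.
# File names and subjects below are constructed samples, not the asker's files.

# make_sample_pki DIR: build a throwaway root CA, a leaf signed by it, and a
# self-signed leaf, so both outcomes of check_chain can be seen offline.
make_sample_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Sample Test Root CA" \
        -keyout "$d/rootCA.key" -out "$d/rootCA.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=db.example.test" \
        -keyout "$d/device.key" -out "$d/device.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$d/device.csr" \
        -CA "$d/rootCA.pem" -CAkey "$d/rootCA.key" -CAcreateserial \
        -out "$d/device.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=db.example.test" \
        -keyout "$d/selfsigned.key" -out "$d/selfsigned.crt" 2>/dev/null
}

# check_chain CA_FILE CERT_FILE
# returns 0: CERT_FILE verifies against CA_FILE
#         2: CERT_FILE names itself as issuer (subject == issuer)
#         1: issuer differs from subject but verification still fails
check_chain() {
    ca=$1 cert=$2
    subj=$(openssl x509 -noout -subject_hash -in "$cert") || return 1
    issr=$(openssl x509 -noout -issuer_hash -in "$cert") || return 1
    if [ "$subj" = "$issr" ]; then
        echo "$cert: issuer equals subject (self-issued)"
        return 2
    fi
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "$cert: chains to $ca"
        return 0
    fi
    echo "$cert: not signed by $ca"
    return 1
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir"
check_chain "$demo_dir/rootCA.pem" "$demo_dir/device.crt" || true
check_chain "$demo_dir/rootCA.pem" "$demo_dir/selfsigned.crt" || true
rm -rf "$demo_dir"
```

To test real files, call `check_chain` with the CA file and the server certificate file in place of the constructed ones.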