It’s an interesting problem @Oleg_26459, because MongoDB’s certificates should be trusted by your OS by default.
Could you please run the following command? That’s assuming you’re running on a Unix (like Linux or MacOS), or that you have openssl installed on Windows. If you’re on Windows without OpenSSL, then this test will not work.
openssl s_client -connect cluster0-shard-00-01-astdj.mongodb.net:27017 < /dev/null > certfile.crt
In my case this shows:
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
depth=0 C = US, ST = New York, L = New York, O = "MongoDB, Inc.", OU = Cloud SRE, CN = *.mongodb.net
The “verify return:1” at each step is the important part. What your computer or Mongo shell is telling you is that it does not trust the first step: the DigiCert Root CA.
There are ways of making that work (by providing the Mongo shell with a link to the trusted cert stored locally), but it’s more useful to find out why your OS distrusts the cert.
Can you tell us a bit about your configuration?
- On what kind of system are you running the mongo shell?
- Which OS and which version? (Your earlier output suggests Windows.)
- Can you show us your mongo shell command?
According to this page on their site, the DigiCert Root CA should be included upwards from WinXP SP3.
The quick and dirty fix is to re-import the DigiCert Root CA onto your system.
Download this file from their website: DigiCert Global Root CA.
Double-click the file (DigiCertGlobalRootCA.crt) and Windows will ask you whether you want to install this certificate as a Trusted Root CA. This is what you want. You will need administrator access to your system.
If this is not your computer, do NOT install this certificate without approval from your system administrator.
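An added example, not part of the original post: a small Python parser for the chain-verification lines that `openssl s_client` prints, reporting for each depth whether it carried a `verify error` line, a `verify return:1`, or no verify line at all. The function names and both sample outputs are constructed for illustration; the subjects are the ones quoted in the post.

```python
import re

# Line shapes that `openssl s_client` writes to stderr while verifying the chain.
DEPTH_RE = re.compile(r"^depth=(\d+)\s+(.*)$")
ERROR_RE = re.compile(r"^verify error:num=(\d+):(.*)$")
RETURN_RE = re.compile(r"^verify return:(\d+)$")

# Constructed samples: subjects copied from the post, verify lines added by hand.
ROOT = "depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA"
INTERMEDIATE = "depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA"
LEAF = 'depth=0 C = US, ST = New York, L = New York, O = "MongoDB, Inc.", OU = Cloud SRE, CN = *.mongodb.net'
SAMPLE_OK = "\n".join([ROOT, "verify return:1", INTERMEDIATE, "verify return:1",
                       LEAF, "verify return:1"])
SAMPLE_FAIL = "\n".join([INTERMEDIATE,
                         "verify error:num=20:unable to get local issuer certificate",
                         "verify return:1", LEAF, "verify return:1"])

def parse_verify_steps(text):
    """Group the verify lines under the depth=N line they follow."""
    steps, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DEPTH_RE.match(line)
        if m:
            current = {"depth": int(m.group(1)), "subject": m.group(2),
                       "errors": [], "verify_return": None}
            steps.append(current)
        elif current is not None and (m := ERROR_RE.match(line)):
            current["errors"].append((int(m.group(1)), m.group(2)))
        elif current is not None and (m := RETURN_RE.match(line)):
            current["verify_return"] = int(m.group(1))
    return steps

def classify(step):
    """'failed' on any verify error or return 0, 'unknown' if no verify line was seen."""
    if step["errors"] or step["verify_return"] == 0:
        return "failed"
    if step["verify_return"] is None:
        return "unknown"
    return "ok"

if __name__ == "__main__":
    for name, sample in (("trusted", SAMPLE_OK), ("untrusted", SAMPLE_FAIL)):
        print(name)
        for step in parse_verify_steps(sample):
            print(f"  depth={step['depth']} {classify(step)} {step['errors']}")
```

To feed it real output, append `2> verify.txt` to the command above and pass the contents of that file to `parse_verify_steps`.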