Can't connect with mongodump after upgrading from 4.4.2 to 4.4.3

Before upgrading from 4.4.2 to 4.4.3, on my Debian system, i was able to connect to my local database, with mongodump command like this:

mongodump --ssl --host=localhost --port=33444 -u="User" -p="Password" --sslPEMKeyFile=/etc/ssl/mongodb/client/client.pem --sslCAFile=/etc/ssl/mongodb/server/server.pem --sslPEMKeyPassword=password --db=mydb --archive=./backups/backup_time.gz --gzip

After upgrade, i’m getting this error:

Failed: can’t create session: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: localhost:38917, Type: Unknow
n, State: Connected, Average RTT: 0, Last error: connection() : x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0 }, ] }

Can someone help me? Sorry for my bad Language!

P.S. Downgrade mongodb-database-tools to v100.2.1 and mongodb-org-tools to 4.4.2 mongodump command working as espected!

The error explains you can use an environment variable GODEBUG=x509ignoreCN=0 to match on the CommonName.

GODEBUG=x509ignoreCN=0 mongodump ....

export GODEBUG=x509ignoreCN=0
mongodump ...

It seems the SANs should contain the servername. So updating your server certs to use SANs should resolve this more permanently.

1 Like

Thx for your fast reply! The SANs in my certificate is follow:

distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
C = IT
L = Milano
O = Ferrari
OU = Web Development
CN = localhost
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
DNS.1 =
DNS.2 =
DNS.3 = localhost

Btw, i have put env variables in my node_env path like: {env: {GODEBUG: 'x509ignoreCN=0'}} and problem is solved!

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.