Certificates issue (HW 1.3)

MongoDB University M310: MongoDB Security
#1

I can create my Replicas using mongod:

mongod --replSet MyRepl --sslMode requireSSL --sslPEMKeyFile server.pem --sslCAFile ca.pem --dbpath /H310-HW-1.3/r0/ --logpath /H310-HW-1.3/r0/mongod.log -–port 31130 --fork
mongod --replSet MyRepl --sslMode requireSSL --sslPEMKeyFile server.pem --sslCAFile ca.pem --dbpath /H310-HW-1.3/r1/ --logpath /H310-HW-1.3/r1/mongod.log -–port 31131 --fork
mongod --replSet MyRepl --sslMode requireSSL --sslPEMKeyFile server.pem --sslCAFile ca.pem --dbpath /H310-HW-1.3/r2/ --logpath /H310-HW-1.3/r2/mongod.log -–port 31132 --fork

The sessions start very well but when I invoke mongo
mongo --ssl --sslPEMKeyFile ./shared/certs/client.pem --sslCAFile ./shared/certs/ca.pem --port 31130

I get the following Error:

MongoDB shell version: 3.2.21
connecting to: 127.0.0.1:31130/test
2018-10-20T14:29:12.218+0000 E NETWORK [thread1] The server certificate does not match the host name 127.0.0.1
2018-10-20T14:29:12.220+0000 E QUERY [thread1] Error: socket exception [CONNECT_ERROR] for The server certificate does not match the host name 127.0.0.1 :
connect@src/mongo/shell/mongo.js:231:14
@(connect):1:6
exception: connect failed

Is it the client.pem that is not recognised or the server.pem? But the server.pem worked well when i initiated mongod.

Please help.

#2

Please don’t post answers or potential answers.

Hint: Use the host parameter when starting the mongo shell.

Also don’t forget to …

When you set up your replica set make sure that you use the fully qualified domain name (FQDN) when initiating the replica set. Failing to do so will prevent the validation script from working properly. All of the homework should be completed with Vagrant, so the FQDN will be database.m310.mongodb.university.

Hope that helps,

David

1 Like
#3

Arg, My Apologies. I forgot that.

#4

Thank you David
Your suggestion worked perfectly. Much appreciated.

IG