Chapter 1: Authentication - Enabling X.509 - Issue

Hi,

I have started mongod with X.509:

mongod --sslMode requireSSL --sslPEMKeyFile server.pem --sslCAFile ca.pem --auth --dbpath /home/vagrant/data/db --logpath /home/vagrant/data/log/mongod_log_27017.log --fork --logappend

Then, when I tried to connect, I got the error below:

vagrant@database:~/shared/chapter_1_authentication/m310-certs$ mongo --ssl --sslPEMKeyFile client.pem --sslCAFile ca.pem
MongoDB shell version: 3.2.21
connecting to: test
2018-09-19T07:49:45.365+0000 E NETWORK [thread1] The server certificate does not match the host name 127.0.0.1
2018-09-19T07:49:45.366+0000 E QUERY [thread1] Error: socket exception [CONNECT_ERROR] for The server certificate does not match the host name 127.0.0.1 :
connect@src/mongo/shell/mongo.js:229:14
@(connect):1:6

exception: connect failed

Hi anudeepsp,

When connecting to the server with the mongo shell you need to supply the --host option passing the FQDN of the server.

database.m310.mongodb.university

This host name matches the server and the certificate.

Hope this helps,

David

@dschupp - Thank you for your help. It worked!

My replicate is up, but I am getting the following error at the validation step.

vagrant@database:~/shared$ ./validate-hw-1.3.sh
{ unauthorizedStatus: {"ok":0,"errmsg":"not authorized on admin to execute command { replSetGetStatus: 1.0 }","code":13}, memberStatuses: Error: Could not find user C=US,ST=New York,L=New York City,O=MongoDB,OU=University2,CN=M310 Client@$external 2019-02-14T16:49:28.526+0000 E QUERY [thread1] TypeError: status.members is undefined : @(shell eval):7:16 }


@asif284

First of all, in general please open a new post when you have a new question. As you can see, this is an old post and marked as answered. These older posts are here for reference, but not for re-opening them with new questions as I may miss them and you won’t get a timely answer.

That said (you’re in luck here :wink: ) I would point out the Lecture note on x.509, which gives you the way to set the user name for your authentication.

openssl x509 -in client.pem -inform PEM -subject -nameopt RFC2253 -noout

It appears from your error message that you have not correctly set the user name. Change that and see if it works. If not, create a new post and let me know what the error is. Good luck.
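
Added example, not part of the original thread or the course material: a small Python helper that takes the subject line printed by the openssl command above and the user name from a "Could not find user ...@$external" error, and reports how either differs from the name a user was created with. The function names and the sample strings marked as constructed are assumptions of this example, and it treats any difference between the two strings as a mismatch.

```python
import re

def split_dn(dn):
    """Split an RFC 2253 DN into RDNs, keeping backslash-escaped commas intact."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur.strip())
            cur = ""
    rdns.append(cur.strip())
    return [r for r in rdns if r]

def subject_from_openssl(line):
    """Drop the 'subject=' label that openssl prints in front of the DN."""
    m = re.match(r"\s*subject\s*=\s*(.*\S)", line)
    if not m:
        raise ValueError("not an 'openssl x509 -subject' output line")
    return m.group(1)

def user_from_error(errmsg):
    """Extract the name the server looked up from a 'Could not find user' error."""
    m = re.search(r"Could not find user (.+?)@\$external", errmsg)
    return m.group(1) if m else None

def diagnose(expected, created):
    """Describe how the user name that was created differs from the expected one."""
    if expected == created:
        return "match"
    want, have = split_dn(expected), split_dn(created)
    if want == have:
        return "whitespace differs"
    if sorted(want) == sorted(have):
        return "same RDNs, different order"
    missing = [r for r in want if r not in have]
    extra = [r for r in have if r not in want]
    return "differs: expected %s, created %s" % (missing, extra)

if __name__ == "__main__":
    # DN taken from the error message in this thread
    error = ("Error: Could not find user C=US,ST=New York,L=New York City,"
             "O=MongoDB,OU=University2,CN=M310 Client@$external")
    looked_up = user_from_error(error)
    # Constructed samples: names a user might have been created with by mistake
    for created in (looked_up, ", ".join(split_dn(looked_up)),
                    ",".join(reversed(split_dn(looked_up)))):
        print(diagnose(looked_up, created), "<-", created)
```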