Error when I configure replicaset with internal authentication by x509

Good morning everyone

I am setting up a replicaset environment with Mongo version 4.4. I am using three servers to implement a replicaset in my environment.

The initial default configuration works perfectly, I correctly raise the replicaset on the primary node, and then add the two secondary nodes, and I see in the rs state that everything is correct.

To secure a little more, I have read the documentation that there are two internal authentication mechanisms, between the members of the replicaset: keyfile and x509 certificates.

I implemented the first solution, and it worked correctly. I generate a file with a key, and I pass it on to each of the nodes. But the documentation recommends that for production environments it is advisable to perform internal authentication by x509 certificates. I have followed the documentation, I have created my self-signed certificates for each of the hosts, I have changed the configuration of the mongod.conf file, and when lifting each of the nodes, in the log I see the following:

I have generated the self-signed certificates all the same except for the CN field that I have put the FQND of each of the servers. And if I make a hostname in the operating system, the FQDN of the server comes out, that is, it is the same. What am I missing in the configuration?

Best regards.

hello Eduardo,
the log says that your nodes do not show up with FQDN but only with the short name, so the CN must contain only the short name. do you have any entries in /etc/hosts? are your nodes in DNS?

Thank you very much for the reply Walter.

I have done several tests but it keeps giving me the same error.

Could you tell me or point out the steps and how to do it from the generation of the self-signed certificate to the change of configuration so that instead of using the keyfile authentication that is what I have now, the x509 authentication can be used for only internal authentication between the nodes of the replica set?