Well, I think I am stuck.
I have started 3 nodes in a replica set with SSL allowed. I can connect with user ‘will’. I have permissions as expected. I can db.auth to the x.509 account I created, and I see I have permissions - for example I can call db.getUsers().
Even with these successes, the validation script fails. Upon investigation, if I try to connect to mongo using the x.509 account it has no permissions. No error is generated, but I cannot do anything. So, it seems using the ‘auth’ command I get permissions but connecting to mongo shell directly using the x.509 credentials it fails.
Any pointers where to look?