Issues connecting to Atlas Database

Excel8392 · July 29, 2020, 8:48pm

First of all - I am using MongoDB java driver 3.12.2

I have created an project on atlas (using the free plan, so shared cluster) and am having trouble connecting to it using the java driver.

Currently, I code I am using for connecting looks like this:

MongoClient mongoClient = MongoClients.create("mongodb+srv://excel:<password>@excelerate.svfgy.mongodb.net/database?retryWrites=true&w=majority");
database = mongoClient.getDatabase("database");
collection = database.getCollection("collection-1");

And that works completely fine. However, when I try to search for a document in the database using code which looks like this:

database.getCollection().find(Filters.eq("user-id", this.userId)).first();

I get a very long exception:

com.mongodb.MongoTimeoutException: Timed out after 30000 ms while waiting for a server that matches com.mongodb.client.internal.MongoClientDelegate$1@7e32e7b1. Client view of cluster state is {type=REPLICA_SET, servers=[{address:27017=excelerate-shard-00-01.svfgy.mongodb.net, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 18.158.163.233 found}, caused by {java.security.cert.CertificateException: No subject alternative names matching IP address 18.158.163.233 found}}, {address:27017=excelerate-shard-00-00.svfgy.mongodb.net, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 18.185.151.83 found}, caused by {java.security.cert.CertificateException: No subject alternative names matching IP address 18.185.151.83 found}}, {address:27017=excelerate-shard-00-02.svfgy.mongodb.net, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 3.122.218.128 found}, caused by {java.security.cert.CertificateException: No subject alternative names matching IP address 3.122.218.128 found}}]

My initial thoughts were that this was an authentication issue - so I triple checked that my network access was set to “access from anywhere”, username and password were correct.

Another small thing I took notice of was that even if your password is incorrect in the connection URI, the MongoClients.create won’t throw an exception.
Also I tried connecting to the database in the mongo shell, and that seems to work just fine, which led me to think that this is an issue with the driver (which is why this is in the drivers section and not atlas section).

I have done numerous google searches to figure this out, and I can’t find anyone with the exact exception I got.

Any help is greatly appreciated, and if you need more information I will add that as soon as I get a chance.

Pavel_Duchovny · July 30, 2020, 5:45am

Hi @Excel8392,

Considering the following cause:

caused by {java.security.cert.CertificateException: No subject alternative names matching IP address 18.158.163.233 found}},

I believe your issue is that the java key store cannot locate the atlas public CA. This is required as Atlas traffic requires SSL.

Please verify that the latest certificate is pushed in your java store:

Also look on the java consideration on that page.

Let me know if that helps.

Pavel

Excel8392 · July 30, 2020, 10:54am

Thanks for the quick response!

I do not have a Let’s Encrypt certificate set up, and the process of setting one up seems to be a little tedious. Is it possible to either use a different type of certificate, or no certificate at all?
Sorry if the answer to my question is obvious, I am new to using MongoDB and am still trying to figure everything out.

Pavel_Duchovny · July 30, 2020, 12:37pm

Hi @Excel8392,

Atlas requires this certificate for the SSL encryption.

For latest Java runtime it should be present in the key store, but I suspect you are using an older version:

Let’s Encrypt isn’t present in the default trust store for Java version 7 prior to the 7u111 update, or Java version 8 prior to the 8u101 update. Use a Java release after 19 July 2016.

Please ensure your Java client software is up-to-date. The latest Java versions are strongly recommended for many improvements beyond these new Certificate Authority requirements for our TLS certificates.

Anyway it should not take so much time to configure it on your machine.

Download the certificate :

ISRG Root X1: https://letsencrypt.org/certs/isrgrootx1.pem.txt
(IdenTrust) DST Root CA X3: https://letsencrypt.org/certs/trustid-x3-root.pem.txt

use keytool to import

keytool -importcert -file <root-certificate-filename> -keystore </path/to/keystore/keystore.jks> -alias "Alias"

Check imported:

keytool -list -cacerts >certs.txt
 grep -i 'dst_root' certs.txt

Restart application and test.

Please let me know if you have any additional questions.

Best regards,
Pavel

Excel8392 · August 1, 2020, 9:41pm

Thank you so much for the quick response, that fixed it.

system · August 6, 2020, 9:51pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.