With MongoDB version 4.4.2, I am trying to use X509.
At this point I can launch the server like this:
...$ mongod --tlsMode requireTLS --tlsCertificateKeyFile theServer.pem --tlsCAFile theCA.pem --dbpath /mnt/mongoDB-One/DB_X509 --logpath /mnt/mongoDB-One/DB_X509/mongod.log --fork
about to fork child process, waiting until server is ready for connections.
forked process: 3082
child process started successfully, parent exiting
...$
I can later check that mongod keeps running.
...$ ps -ef | grep mongod
ubuntu 3082 1 1 06:52 ? 00:00:17 mongod --tlsMode requireTLS --tlsCertificateKeyFile theServer.pem --tlsCAFile theCA.pem --dbpath /mnt/mongoDB-One/DB_X509 --logpath /mnt/mongoDB-One/DB_X509/mongod.log --fork
ubuntu 3152 2299 0 07:10 pts/0 00:00:00 grep --color=auto mongod
...$
But one problem arises when I want to launch the mongo shell. I get this:
...$ mongo --tls --tlsCertificateKeyFile client.pem --tlsCAFile theCA.pem
{"t":{"$date":"2021-01-05T07:14:46.176Z"},"s":"E", "c":"NETWORK", "id":23251, "ctx":"main","msg":"Cannot read PEM key file","attr":{"keyFile":"client.pem","error":"error:0909006C:PEM routines:get_name:no start line"}}
Failed global initialization: InvalidSSLConfiguration Can not set up PEM key file.
...$
And this is what I see in the log file:
{"t":{"$date":"2021-01-05T06:52:22.375+00:00"},"s":"I", "c":"NETWORK", "id":23016, "ctx":"listener","msg":"Waiting for connections","attr":{"port":27017,"ssl":"on"}}
{"t":{"$date":"2021-01-05T06:58:12.408+00:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"127.0.0.1:44274","connectionId":1,"connectionCount":1}}
{"t":{"$date":"2021-01-05T06:58:12.520+00:00"},"s":"E", "c":"NETWORK", "id":23256, "ctx":"conn1","msg":"SSL peer certificate validation failed","attr":{"error":"SSL peer certificate validation failed: unable to get issuer certificate"}}
{"t":{"$date":"2021-01-05T06:58:12.520+00:00"},"s":"I", "c":"NETWORK", "id":22988, "ctx":"conn1","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"SSL peer certificate validation failed: unable to get issuer certificate"},"remote":"127.0.0.1:44274","connectionId":1}}
{"t":{"$date":"2021-01-05T06:58:12.520+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn1","msg":"Connection ended","attr":{"remote":"127.0.0.1:44274","connectionId":1,"connectionCount":0}}
I guess there is something wrong with the client.pem, but I don’t know what to do. I tried what I had to do to make the server .pem file work, but to no avail at this point.
Has anyone had this experience before and knows a solution?
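The two errors in the post point at two different checks: "no start line" is OpenSSL failing to find a `-----BEGIN ...-----` block where it expects one in the file passed as `--tlsCertificateKeyFile` (which MongoDB requires to contain both the certificate and its private key), and "unable to get issuer certificate" is mongod failing to chain the presented client certificate to the CA in `--tlsCAFile`. The script below is an added diagnostic, not part of the original post and not MongoDB tooling; it takes the poster's file names client.pem and theCA.pem as arguments, and assumes an `openssl` binary on PATH for the key-match and chain checks (those are skipped otherwise).

```sh
#!/bin/sh
# Added diagnostic for a mongod/mongo --tlsCertificateKeyFile / --tlsCAFile pair.
# Not from the original post or from MongoDB's tooling. Assumes openssl on PATH
# for check_chain; the structural check needs only grep.

# Number of PEM blocks whose label ends with $2 in file $1.
# "PRIVATE KEY" also matches "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY".
pem_block_count() {
    grep -c "^-----BEGIN .*$2-----" "$1" || true
}

# Structural check of a combined certificate+key PEM. Returns 0 when the file
# has exactly one certificate and one private key, 1 otherwise (with a reason).
check_keyfile() {
    f=$1
    [ -r "$f" ] || { echo "$f: cannot read file"; return 1; }
    # No '-----BEGIN ' line at all is exactly what OpenSSL reports as "no start line":
    # typically a binary DER or PKCS#12 file renamed to .pem, or an empty file.
    if ! grep -q '^-----BEGIN ' "$f"; then
        echo "$f: no PEM '-----BEGIN' line found (binary DER, PKCS#12 or empty file?)"
        return 1
    fi
    certs=$(pem_block_count "$f" CERTIFICATE)
    keys=$(pem_block_count "$f" "PRIVATE KEY")
    if [ "$certs" -ne 1 ]; then
        echo "$f: expected 1 CERTIFICATE block, found $certs"
        return 1
    fi
    # A cert-only file also yields "no start line" when the key reader runs.
    if [ "$keys" -ne 1 ]; then
        echo "$f: expected 1 private-key block, found $keys (append the key to the same file)"
        return 1
    fi
    echo "$f: PEM structure OK (1 certificate, 1 private key)"
}

# Confirms the private key belongs to the certificate and that the certificate
# chains to the CA mongod trusts. Returns 0 without checking if openssl is absent.
check_chain() {
    f=$1; ca=$2
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found; skipping key-match and chain checks"
        return 0
    fi
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$f" -pubout) || return 1   # prompts if the key is encrypted
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$f: private key does not match the certificate"
        return 1
    fi
    # Same validation mongod performs on the client certificate during the handshake;
    # a failure here prints the same "unable to get issuer certificate" seen in the log.
    openssl verify -CAfile "$ca" "$f"
}

# Usage: sh check_pem.sh client.pem theCA.pem
if [ "$#" -eq 2 ]; then
    check_keyfile "$1" && check_chain "$1" "$2"
fi
```

Run it once against the server's PEM (which already works) and once against client.pem; whichever check fails for the client file narrows the problem to either the file's contents or the CA it was signed by. If `openssl verify` fails, the CA given to mongod with `--tlsCAFile` does not contain the issuer of the client certificate, and both sides must agree on that CA.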