MongoNetworkError: unable to get local issuer certificate

Yaseen_Shaik · April 30, 2020, 7:50pm

SetEnv MONGO_URL mongodb://:@XXXXXXXXX.docdb.amazonaws.com:27017/?ssl=true&ssl_ca_certs=/home/ec2-user/rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false

App 2291 output: MongoNetworkError: failed to connect to server [XXXXXX.docdb.amazonaws.com:27017] on first connect [Error: unable to get local issuer certificate
App 2291 output: at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
App 2291 output: at TLSSocket.emit (events.js:310:20)
App 2291 output: at TLSSocket.EventEmitter.emit (domain.js:482:12)
App 2291 output: at TLSSocket._finishInit (_tls_wrap.js:917:8)
App 2291 output: at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12) {
App 2291 output: name: ‘MongoNetworkError’,
App 2291 output: [Symbol(mongoErrorContextSymbol)]: {}
App 2291 output: }]

MongoNetworkError: [Error: unable to get local issuer certificate

Ramachandra_Tummala · May 1, 2020, 1:39am

Please check this link

github.com/RallyTools/rally-node

Error: Error: unable to get local issuer certificate

opened 02:43PM - 23 Jan 18 UTC

UtkarshMishr

Getting below error { Error: Error: unable to get local issuer certificate … at generateError (C:\Users\mishrut\full_stack\gitlab_rally_alm\node_modules\rally\dist\request.js:38:11) at Request._callback (C:\Users\mishrut\full_stack\gitlab_rally_alm\node_modules\rally\dist\request.js:110:20) at self.callback (C:\Users\mishrut\full_stack\gitlab_rally_alm\node_modules\request\request.js:187:22) at emitOne (events.js:116:13) at Request.emit (events.js:211:7) at Request.onRequestError (C:\Users\mishrut\full_stack\gitlab_rally_alm\node_modules\request\request.js:813:8) at emitOne (events.js:116:13) at ClientRequest.emit (events.js:211:7) at TLSSocket.socketErrorListener (_http_client.js:387:9) at emitOne (events.js:116:13) errors: [ { Error: unable to get local issuer certificate at TLSSocket.<anonymous> (_tls_wrap.js:1103:38) at emitNone (events.js:106:13) at TLSSocket.emit (events.js:208:7) at TLSSocket._finishInit (_tls_wrap.js:637:8) at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:467:38) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' } ] } (node:9540) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: Error: unable to get local issuer cert (node:9540) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not hand minate the Node.js process with a non-zero exit code. { Error: Error: unable to get local issuer certificate at generateError (C:\Users\mishrut\full_stack\gitlab_rally_alm\node_modules\rally\dist\request.js:38:11) at Request._callback (C:\Users\mishrut\full_stack\gitlab_rally_alm\node_modules\rally\dist\request.js:110:20) at self.callback (C:\Users\mishrut\full_stack\gitlab_rally_alm\node_modules\request\request.js:187:22) at emitOne (events.js:116:13) at Request.emit (events.js:211:7) at Request.onRequestError (C:\Users\mishrut\full_stack\gitlab_rally_alm\node_modules\request\request.js:813:8) at emitOne (events.js:116:13) at ClientRequest.emit (events.js:211:7) at TLSSocket.socketErrorListener (_http_client.js:387:9) at emitOne (events.js:116:13) errors: [ { Error: unable to get local issuer certificate at TLSSocket.<anonymous> (_tls_wrap.js:1103:38) at emitNone (events.js:106:13) at TLSSocket.emit (events.js:208:7) at TLSSocket._finishInit (_tls_wrap.js:637:8) at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:467:38) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' } ] } (node:9540) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 2): Error: Error: unable to get local issuer cert

I see you have posted on stackexchange too
There are couple of other threads on this error
May be the certificate is not from trusted source or your company rules not allowing it

Yaseen_Shaik · May 1, 2020, 4:58am

Certificate is working fine if I connect via SSL to data base. It is not working if I use it from Apache. I am using phusion passenger for Meteor

chris · May 1, 2020, 1:28pm

This is likely a permission/access issue on /home/ec2-user/rds-combined-ca-bundle.pem

Whatever user apache/phusion is running as needs access to that file. Under a user directory this is unlikely to be the case.

Yaseen_Shaik · May 5, 2020, 12:12pm

@chris Thankyou for the response, I tried below fix, but still getting the same error.

I moved it to /var/www/medapp/rds-combined-ca-bundle.pem
-rwxr-xr-x 1 medappuser medappuser 43888 May 5 11:07 rds-combined-ca-bundle.pem

SetEnv MONGO_URL mongodb://:@XXXXXXXXX.docdb.amazonaws.com:27017/?ssl=true&ssl_ca_certs=/var/www/medapp/rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false

chris · May 5, 2020, 12:44pm

Sorry I assumed the driver took care of this.

You need to do something like this:
http://mongodb.github.io/node-mongodb-native/3.5/tutorials/connect/tls/#validate-server-certificate

Yaseen_Shaik · May 5, 2020, 3:32pm

Thanks a lot @chris, it is fixed now.

I am supposed to use tls=true&tlsCAFile=/var/www/covidapp/rds-combined-ca-bundle.pem instead of ssl=true&ssl_ca_certs=/var/www/medapp/rds-combined-ca-bundle.pem

chris · May 5, 2020, 3:34pm

Oh great, I missed that.

system · November 1, 2020, 5:31am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.