SSL peer certificate validation failed: unable to get local issuer certificate

I’ve tried numerous times to connect to a remote atlas cluster from the mongo CLI and keep getting the following error. Seems to be related to my SSL cert, but I’d really like to not go through everything outlined here. https://stackoverflow.com/questions/41635371/mongodb-self-signed-ssl-connection-ssl-peer-certificate-validation-failed

2019-03-12T10:54:30.333-0500 I NETWORK [ReplicaSetMonitorWatcher] starting
2019-03-12T10:54:30.505-0500 E NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate
2019-03-12T10:54:30.659-0500 E NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate
2019-03-12T10:54:30.842-0500 E NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate
2019-03-12T10:54:30.843-0500 W NETWORK [thread1] No primary detected for set kvs-m001-shard-0
2019-03-12T10:54:30.843-0500 I NETWORK [thread1] All nodes for set kvs-m001-shard-0 are down. This has happened for 1 checks in a row. Polling will stop after 29 more failed checks
2019-03-12T10:54:31.472-0500 E NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate
2019-03-12T10:54:31.591-0500 E NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate
2019-03-12T10:54:31.720-0500 E NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate
2019-03-12T10:54:31.720-0500 W NETWORK [thread1] No primary detected for set kvs-m001-shard-0
2019-03-12T10:54:31.720-0500 I NETWORK [thread1] All nodes for set kvs-m001-shard-0 are down. This has happened for 2 checks in a row. Polling will stop after 28 more failed checks

Anyone run into this? I’ve been trying to work around this for a couple days now, but the course is about to close and I’m a little frustrated.

Hi Kevin,

I would like to get some additional information from you in relation to this issue.

1. Could you please provide the exact command you are using to connect to the cluster.
2. Please also confirm if Compass is complaining about the same issue.
3. The version of the mongo shell you are using.
4. The output of the following commands:

curl -o /tmp/crlfile http://crl3.digicert.com/ssca-sha2-g6.crl
curl -o /tmp/crlfile2 http://crl4.digicert.com/ssca-sha2-g6.crl

Once we have this info we should be in a better position to troubleshoot this issue for you.

Thanks,
Barry

@barryoneill Thanks for checking in! Here’s what I ran.

1.mongo "mongodb://cluster0-shard-00-00-jxeqq.mongodb.net:27017,cluster0-shard-00-01-jxeqq.mongodb.net:27017,cluster0-shard-00-02-jxeqq.mongodb.net:27017/test?replicaSet=Cluster0-shard-0" --authenticationDatabase admin --ssl --username m001-student --password m001-mongodb-basics

I then tried adding --host from researching the issue but got the same result.

mongo --ssl --host mongodb://cluster0-shard-00-00-jxeqq.mongodb.net:27017,cluster0-shard-00-01-jxeqq.mongodb.net:27017,cluster0-shard-00-02-jxeqq.mongodb.net:27017/?replicaSet=Cluster0-shard-0 --authenticationDatabase admin --username m001-student --password m001-mongodb-basics

2. Compass allows me to connect to both the course cluster and the one I created during week 2. I can’t connect to either from the command line.

3. MongoDB shell version: 3.2.6

4. 

Hi @Kevin_13937,

The version of the shell you are using is quite old. You will need to upgrade to the latest version of the shell.

You can download the shell from the “connect” button on the cluster view in the Atlas UI. Please let me know if you hit any issues after you upgrade your shell to the latest version.

Thanks,
Barry

@barryoneill That did the trick! Thank you.

1. brew install mongodb/brew/mongodb-community-shell
   followed prompts

2. brew unlink mongodb

3. brew link --overwrite mongodb-community-shell