SSL Validation error while connecting to Atlas Cluster

mongo “mongodb://cluster0-shard-00-00-jxeqq.mongodb.net:27017,cluster0-shard-00-01-
jxeqq.mongodb.net:27017,cluster0-shard-00-02-jxeqq.mongodb.net:27017/aggregations?replicaSet=Cluster0-shard-0” --authenticationDatabase admin --ssl -u m121 -p aggregations --norc

Using the above command gave me the following error:

SSL peer certificate validation error.

Heh, that’s interesting!

Could it be that you’re doing your coursework at the office? Or that you’re using some security software on your computer that may inspect your Internet traffic?

Reason I ask is that some proxy servers or security software will try to break open TLS traffic for inspection. They do this by effectively performing a Man In The Middle attack, by putting themselves between your client software and the remote server. And to that end, they offer their own TLS/SSL certificate as if it’s the actual server’s cert.

I don’t know if that is the issue.
In fact I don’t even know, when I set up the SSL part.

You didn’t set up TLS, the guys at Atlas did. The connection to the shared student cluster on jxeqq.mongodb.net uses TLS.

The question stands:

  • are you at work, or at home?
  • do you have McAfee or some other internet-security software on your computer?

Well I am at home now. And I do not have any anti virus software.

Ah hang on… My bad, I’m mixing up a few things, sorry. I was thinking as if you were working on a Windows box. Sorry.

If you want the TLS validation to work, you’ll need to have the CA chain for Atlas imported into your trust store. Or simply tell the Mongo shell to ignore TLS validation.

Full details over here:

https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/#mongo-shell-configuration

To fix it correctly, use the --sslCAFile option while providing the CA chain for Atlas. In order to fix it in a dirty way (while running security risks, use --sslAllowInvalidCertificates.

@dschupp: any suggestions on where we can grab the CA chain PEM file for Atlas?