TLS/SSL issue to connect MongoDB Atlas from PHP

Hi All,
I am trying to connect my PHP (CodeIgniter) application to MongoDB Atlas. But connection failed and reason is TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.

I am using
-PHP 7.4.7 (Codeigniter Framework)
-MongoDB Extention version 1.7.4
-Ubuntu 18.4
-Xampp

Full error log is

#### An uncaught Exception was encountered

Type: MongoDB\Driver\Exception\ConnectionTimeoutException

Message: No suitable servers found: `serverSelectionTimeoutMS` expired: [TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed calling ismaster on 'bohoz-shard-00-02.817p7.azure.mongodb.net:27017'] [TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed calling ismaster on 'bohoz-shard-00-01.817p7.azure.mongodb.net:27017'] [TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:

Filename: /home/rumaiz/MyWork/AAYUS/php_works/mvm-admin-portal/vendor/mongodb/mongodb/src/functions.php

Line Number: 431

Please help to resolve this issue.

Try updating ca-certificates first.

sudo apt-get update
sudo apt-get -y install ca-certificates
1 Like

Tried this. But not worked.

rumaiz@rumaiz-HP-ProBook-450-G0:~$ sudo apt-get -y install ca-certificates
Reading package lists… Done
Building dependency tree
Reading state information… Done
ca-certificates is already the newest version (20190110~18.04.1).
0 upgraded, 0 newly installed, 0 to remove and 19 not upgraded.

Still Same error

You should next make sure php is using the system certificate store. It may be that your development environment is overriding the use of the default path.

This is from a vanilla php:7.4.7 container:

php > var_dump(openssl_get_cert_locations());
array(8) {
  ["default_cert_file"]=>
  string(21) "/usr/lib/ssl/cert.pem"
  ["default_cert_file_env"]=>
  string(13) "SSL_CERT_FILE"
  ["default_cert_dir"]=>
  string(18) "/usr/lib/ssl/certs"
  ["default_cert_dir_env"]=>
  string(12) "SSL_CERT_DIR"
  ["default_private_dir"]=>
  string(20) "/usr/lib/ssl/private"
  ["default_default_cert_area"]=>
  string(12) "/usr/lib/ssl"
  ["ini_cafile"]=>
  string(0) ""
  ["ini_capath"]=>
  string(0) ""
}

If I remove the DST_Root_CA_X3.pem from my certificate path I get the exact same error.

1 Like