Details
Type: Bug
Resolution: Works as Designed
Priority: Major - P3
Description
I'm unable to connect to Amazon DocumentDB over SSL/TLS using the .NET driver. I get a "remote certificate is invalid" error when the connection options are: ssl=true&sslVerifyCertificate=true&replicaSet=rs0
It DOES work when I have sslVerifyCertificate=true in the connection string, but that is not acceptable for production.
We are using a Linux Docker image and .NET Core 2.2.
We import the Amazon RDS root certificates on startup successfully:
// Startup: import the Amazon RDS CA bundle (.p7b) into the current user's
// Root and CertificateAuthority stores. new X509Store(StoreName.Root) defaults
// to StoreLocation.CurrentUser; on Linux .NET Core persists that store under
// ~/.dotnet/corefx/cryptography/x509stores/ (LocalMachine is read-only there).
// Requires: using System.Linq; using System.Security.Cryptography.X509Certificates;
var rootTrustStore = new X509Store(StoreName.Root);
var intermediateTrustStore = new X509Store(StoreName.CertificateAuthority);
rootTrustStore.Open(OpenFlags.ReadWrite);
intermediateTrustStore.Open(OpenFlags.ReadWrite);
try
{
    var certCollection = new X509Certificate2Collection();
    // Environment is the IHostingEnvironment injected into Startup.
    certCollection.Import(System.IO.Path.Combine(Environment.ContentRootPath, $"{MongoOptions.CertificatePath}.p7b"));

    // The bundle holds the root plus the regional intermediates; split them by subject.
    var rootCert = certCollection.Cast<X509Certificate2>().First(c => c.Subject.Contains("Root CA"));
    rootTrustStore.Add(rootCert);
    certCollection.Remove(rootCert);
    intermediateTrustStore.AddRange(certCollection);

    Console.WriteLine("AWS RDS Root Certificate & Intermediates Imported");
    //Console.WriteLine($"PEM Location: {pemPath}");
}
catch (Exception ex)
{
    Console.WriteLine("Certificate import failed: " + ex.Message);
}
finally
{
    rootTrustStore.Close();
    intermediateTrustStore.Close();
}
And set the client settings with the above connection options:
var clientSettings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
var client = new MongoClient(clientSettings);
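An alternative that keeps server certificate verification on without depending on what the container's X509 stores contain is to give the driver a ServerCertificateValidationCallback that builds the chain against the RDS CA bundle explicitly. The following is an added example, not the reporter's code and not part of the driver; it assumes .NET 5 or later (for X509ChainTrustMode.CustomRootTrust), a driver version that exposes MongoClientSettings.SslSettings, and a bundle path of your own. Unlike sslVerifyCertificate=false, it still rejects a hostname mismatch and any chain that does not end at one of the bundled Amazon roots.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;

// Added example. Trust is pinned to the RDS CA bundle loaded below; the
// machine/user stores are not consulted, so the Docker image needs no
// store import for this to work.
public static class DocumentDbTls
{
    // Loads the Amazon RDS CA bundle (.p7b as on this page, or DER/PFX) into a
    // collection. The path is an assumption; AWS publishes the bundle per region.
    public static X509Certificate2Collection LoadCaBundle(string bundlePath)
    {
        var bundle = new X509Certificate2Collection();
        bundle.Import(bundlePath);
        return bundle;
    }

    // Returns true only if no name/availability error was reported by SslStream
    // and the server certificate chains to one of the bundled roots.
    public static bool ValidateAgainstBundle(
        X509Certificate certificate,
        X509Chain presentedChain,
        SslPolicyErrors errors,
        X509Certificate2Collection bundle)
    {
        if (certificate == null) return false;
        // Hostname must match the SAN/CN; a callback that ignores this is no
        // better than sslVerifyCertificate=false.
        if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) return false;
        if ((errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0) return false;

        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        // Self-signed entries in the bundle act as roots, others as intermediates.
        chain.ChainPolicy.CustomTrustStore.AddRange(bundle);
        // Assumption: the container has no egress to CRL/OCSP endpoints, so
        // revocation is not checked here. Change to Online if it does.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        // Intermediates the server sent help path building.
        if (presentedChain != null)
        {
            foreach (var element in presentedChain.ChainElements)
                chain.ChainPolicy.ExtraStore.Add(element.Certificate);
        }

        return chain.Build(new X509Certificate2(certificate));
    }

    // connectionString keeps ssl=true (or tls=true) and replicaSet=rs0; it must
    // NOT contain sslVerifyCertificate=false. bundlePath is an assumption.
    public static MongoClient CreateClient(string connectionString, string bundlePath)
    {
        var bundle = LoadCaBundle(bundlePath);
        var settings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
        settings.SslSettings = new SslSettings
        {
            ServerCertificateValidationCallback =
                (sender, cert, chain, errors) => ValidateAgainstBundle(cert, chain, errors, bundle)
        };
        return new MongoClient(settings);
    }
}

// Usage (paths and hosts are placeholders):
// var client = DocumentDbTls.CreateClient(
//     "mongodb://user:pass@docdb-cluster.cluster-xxxx.us-east-1.docdb.amazonaws.com:27017/?ssl=true&replicaSet=rs0",
//     "/app/certs/rds-ca-bundle.p7b");
```

The callback replaces the platform's trust decision entirely, so it is worth testing it once against a deliberately wrong bundle and once against a wrong hostname to confirm both paths return false before relying on it in production.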