Type: Bug
Resolution: Works as Designed
Priority: Major - P3
Affects Version/s: None
Component/s: None
I'm unable to connect to Amazon DocumentDB over SSL/TLS using the .NET Driver. I get a "remote certificate is invalid" error when the connection options are: ssl=true&sslVerifyCertificate=true&replicaSet=rs0
It DOES work when I have sslVerifyCertificate=true in the connection string, but that is not acceptable for production.
We are using a Linux Docker image and .NET Core 2.2.
We import Amazon RDS Roots on startup successfully:
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Environment is assumed to be the hosting environment (IHostingEnvironment) of the app
X509Store rootTrustStore = new X509Store(StoreName.Root);
X509Store intermediateTrustStore = new X509Store(StoreName.CertificateAuthority);
rootTrustStore.Open(OpenFlags.ReadWrite);
intermediateTrustStore.Open(OpenFlags.ReadWrite);
try
{
    // The RDS bundle (.p7b) contains the root plus the regional intermediates
    X509Certificate2Collection certCollection = new X509Certificate2Collection();
    certCollection.Import(System.IO.Path.Combine(Environment.ContentRootPath, $"{MongoOptions.CertificatePath}.p7b"));
    // Put the root in the Root store and everything else in the CA store
    var rootCert = certCollection.Cast<X509Certificate2>().First(c => c.Subject.Contains("Root CA"));
    rootTrustStore.Add(rootCert);
    certCollection.Remove(rootCert);
    intermediateTrustStore.AddRange(certCollection);
    Console.WriteLine("AWS RDS Root Certificate & Intermediates Imported");
    //Console.WriteLine($"PEM Location: {pemPath}");
}
catch (Exception ex)
{
    Console.WriteLine("Certificate import failed: " + ex.Message);
}
finally
{
    rootTrustStore.Close();
    intermediateTrustStore.Close();
}
And set the client settings from the connection string with the above connection options:
var clientSettings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
var client = new MongoClient(clientSettings);
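One way to keep certificate verification on without depending on the container's system trust store, as an added example that is not part of the original report: the driver's SslSettings.ServerCertificateValidationCallback builds the chain with the RDS CA bundle as an extra store and accepts the connection only when the chain terminates in a certificate that is literally in that bundle. The bundle path, the class name and leaving revocation checking off are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;

public static class DocDbTlsClient
{
    // Hypothetical path to the Amazon RDS CA bundle shipped with the application.
    private const string CaBundlePath = "certs/rds-combined-ca-bundle.p7b";

    // The connection string keeps ssl=true&sslVerifyCertificate=true; the callback
    // replaces the system trust store as the source of trust, it does not disable checks.
    public static MongoClient Create(string connectionString)
    {
        var settings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
        settings.SslSettings = new SslSettings
        {
            ServerCertificateValidationCallback = ValidateAgainstRdsBundle
        };
        return new MongoClient(settings);
    }

    // Accept the server certificate only if it chains to a CA contained in the bundle.
    private static bool ValidateAgainstRdsBundle(object sender, X509Certificate cert,
        X509Chain ignored, SslPolicyErrors errors)
    {
        // A missing certificate or a host name mismatch is never acceptable.
        if (cert == null
            || (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0
            || (errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            return false;
        var bundle = new X509Certificate2Collection();
        bundle.Import(CaBundlePath);
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.AddRange(bundle);
            // The bundle's root is not in the OS store, so let Build() tolerate an unknown
            // root and make the trust decision below; expired or malformed certificates
            // still fail here. Revocation is left off in this example (assumption).
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(new X509Certificate2(cert)))
                return false;
            // The top of the built chain must be one of the certificates we shipped.
            var top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return bundle.Cast<X509Certificate2>().Any(ca => ca.Thumbprint == top.Thumbprint);
        }
    }
}
```

The callback is only reached when the default validation reports an error, so once the RDS root is correctly in the Root store this code is not consulted; it is the fallback that fails closed rather than the sslVerifyCertificate=false setting.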