  1. C# Driver
  2. CSHARP-2625

Can't connect to Amazon DocumentDB over SSL/TLS using MongoDB .NET Driver


Details

    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Major - P3

    Description

      I'm unable to connect to Amazon DocumentDB over SSL/TLS using the .NET Driver. I get a "remote certificate is invalid" error when the connection options are: ssl=true&sslVerifyCertificate=true&replicaSet=rs0

      It DOES work when I have sslVerifyCertificate=true in the connection string, but that is not acceptable for production.

      We are using a Linux Docker image and .NET Core 2.2.

      We import Amazon RDS Roots on startup successfully:

      // Requires: using System.Linq; using System.Security.Cryptography.X509Certificates;
      X509Store rootTrustStore = new X509Store(StoreName.Root);
      X509Store intermediateTrustStore = new X509Store(StoreName.CertificateAuthority);
      rootTrustStore.Open(OpenFlags.ReadWrite);
      intermediateTrustStore.Open(OpenFlags.ReadWrite);
      try {
       // Load the PKCS#7 bundle shipped with the application.
       X509Certificate2Collection certCollection = new X509Certificate2Collection();
       certCollection.Import(System.IO.Path.Combine(Environment.ContentRootPath, $"{MongoOptions.CertificatePath}.p7b"));
       // The root goes into the Root store; everything else is treated as an intermediate.
       var rootCert = certCollection.Cast<X509Certificate2>().First(c => c.Subject.Contains("Root CA"));
       rootTrustStore.Add(rootCert);
       certCollection.Remove(rootCert);
       intermediateTrustStore.AddRange(certCollection);
       Console.WriteLine("AWS RDS Root Certificate & Intermediates Imported");
       //Console.WriteLine($"PEM Location: {pemPath}");
      } catch (Exception ex) {
       Console.WriteLine("Certificate import failed: " + ex.Message);
      } finally {
       rootTrustStore.Close();
       intermediateTrustStore.Close();
      }
      

       

      And set the client settings with the above connection options:

       

      var clientSettings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
      var client = new MongoClient(clientSettings);
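
A diagnostic validation callback for the setup described in this report, as an added example that is not part of the original report or the driver's own code: it keeps certificate verification strict and logs whether the failure is a host-name mismatch or a chain error, including the status of each chain element. The names TlsDiagnostics, LogAndValidate and CreateClient are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;

// Hypothetical helper class (not part of the MongoDB driver).
public static class TlsDiagnostics
{
    // Strict callback: accepts only when the platform reports no policy errors,
    // and otherwise logs which check failed so the underlying cause can be fixed.
    public static bool LogAndValidate(object sender, X509Certificate certificate,
                                      X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;

        Console.WriteLine($"TLS validation failed: {errors}");
        if (certificate != null)
            Console.WriteLine($"  Server certificate subject: {certificate.Subject}");

        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            Console.WriteLine("  Host name used to connect does not match the certificate.");

        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain != null)
        {
            // Per-certificate status shows which link of the chain is not trusted.
            foreach (X509ChainElement element in chain.ChainElements)
            {
                var status = string.Join(", ", element.ChainElementStatus.Select(s => s.Status));
                Console.WriteLine($"  {element.Certificate.Subject} -> {(status.Length == 0 ? "OK" : status)}");
            }
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine($"  Chain status: {s.Status} ({s.StatusInformation?.Trim()})");
        }
        return false; // never accept a certificate that failed validation
    }

    // Same client construction as in the report, with the diagnostic callback attached.
    public static MongoClient CreateClient(string connectionString)
    {
        var settings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
        settings.SslSettings = new SslSettings
        {
            ServerCertificateValidationCallback = LogAndValidate
        };
        return new MongoClient(settings);
    }
}
```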
      

       

       

       

          People

            Assignee: Unassigned
            Reporter: Christopher Isidora (isidorac)