  1. C# Driver
  2. CSHARP-3508

ATLAS AuthenticationException: The remote certificate is invalid according to the validation procedure

    • Type: Task
    • Resolution: Works as Designed
    • Priority: Major - P3
    • Affects Version/s: 2.10.3
    • Component/s: Connectivity, Security
    • Environment:
      Windows Server 2019
      C# 4.6.1
      MongoDB Driver 2.10.3
      ATLAS cluster

      When connecting to ATLAS cluster from a secure server we're receiving the following error:

      Exception encountered: A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "2", ConnectionMode : "Automatic", Type : "Unknown", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 2, EndPoint : "Unspecified/MYCLUSTERNAME-shard-00-00.34sww.mongodb.net:27017" }", EndPoint: "Unspecified/MYCLUSTERNAME-shard-00-00.34sww.mongodb.net:27017", State: "Disconnected", Type: "Unknown", HeartbeatException: "MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
      

       

      Our source looks like this:

      ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
      
      var settings = new MongoClientSettings
      {
          ApplicationName = "iApply",
          ConnectionMode = ConnectionMode.Automatic,
          Server = new MongoServerAddress(clusterSVRHostnmae),
          Credential = MongoCredential.CreateCredential(authDb, username, password),
          Scheme = ConnectionStringScheme.MongoDBPlusSrv,
          UseTls = true,
          GuidRepresentation = GuidRepresentation.CSharpLegacy
      };
      
      // settings.SslSettings = new SslSettings
      // {
      //     CheckCertificateRevocation = true // <= this causes timeout on servers with restricted connectivity!!!
      // };
      
      var client = new MongoClient(settings);
      var db = client.GetDatabase("databaseName");
      

      As it's caused problems in the past, we've commented out `CheckCertificateRevocation` as we've seen this cause timeouts. However, in this case, it's not helping.

      We DO NOT want to disable certificate validation in production for obvious security reasons.

       

      Things we've tried:

      • We've ensured all IP Addresses are whitelisted.
      • We CAN connect from Compass from the SAME server.
      • We CAN telnet to one of the resolved IP addresses on port 27017 from the same server.
      • The C# code DOES work from other servers, but not this one (production).

            Assignee: robert@mongodb.com Robert Stam
            Reporter: james.price@dws.com.au James Price
            Votes: 0
            Watchers: 2
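An added diagnostic, not part of the original ticket or of the driver's code: it performs a TLS handshake with `SslStream` from the affected server and prints the `SslPolicyErrors` value and the per-certificate chain status behind "The remote certificate is invalid", while returning the platform's verdict unchanged so validation is never bypassed. The class name `TlsChainProbe` and the command-line arguments are assumptions; pass a shard host name as it appears in the HeartbeatException. Revocation checking is off here only to mirror the commented-out setting in the report.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsChainProbe   // hypothetical name, not a driver type
{
    // Logs why validation failed, then returns the platform's own verdict unchanged.
    static bool LogAndKeepVerdict(object sender, X509Certificate cert,
                                  X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("SslPolicyErrors: " + errors);
        Console.WriteLine("Leaf subject:    " + (cert == null ? "(none)" : cert.Subject));
        if (chain != null)
        {
            foreach (X509ChainElement element in chain.ChainElements)
            {
                Console.WriteLine("  chain element: " + element.Certificate.Subject);
                foreach (X509ChainStatus status in element.ChainElementStatus)
                    Console.WriteLine("    " + status.Status + ": "
                                      + (status.StatusInformation ?? "").Trim());
            }
        }
        return errors == SslPolicyErrors.None;   // never accept a failing chain
    }

    static int Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.Error.WriteLine("usage: TlsChainProbe <host> [port]");
            return 2;
        }
        string host = args[0];
        int port = args.Length > 1 ? int.Parse(args[1]) : 27017;

        using (var tcp = new TcpClient(host, port))
        using (var tls = new SslStream(tcp.GetStream(), false, LogAndKeepVerdict))
        {
            try
            {
                tls.AuthenticateAsClient(host, new X509CertificateCollection(),
                                         SslProtocols.Tls12, false);
                Console.WriteLine("Handshake OK: " + tls.SslProtocol);
                return 0;
            }
            catch (AuthenticationException ex)
            {
                Console.WriteLine("Handshake failed: " + ex.Message);
                return 1;
            }
        }
    }
}
```

A `RemoteCertificateChainErrors` result with an `UntrustedRoot` or `PartialChain` status points at the server's certificate store or an intercepting proxy, whereas `RemoteCertificateNameMismatch` points at the host name being validated.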