C# Driver / CSHARP-3508

ATLAS AuthenticationException: The remote certificate is invalid according to the validation procedure


Details

    • Type: Task
    • Resolution: Works as Designed
    • Priority: Major - P3
    • None
    • 2.10.3
    • Connectivity, Security
    • None
    • Windows Server 2019
      C# 4.6.1
      MongoDB Driver 2.10.3
      ATLAS cluster

    Description

      When connecting to an ATLAS cluster from a secure server, we're receiving the following error:

      Exception encountered: A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "2", ConnectionMode : "Automatic", Type : "Unknown", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 2, EndPoint : "Unspecified/MYCLUSTERNAME-shard-00-00.34sww.mongodb.net:27017" }", EndPoint: "Unspecified/MYCLUSTERNAME-shard-00-00.34sww.mongodb.net:27017", State: "Disconnected", Type: "Unknown", HeartbeatException: "MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
      

       

      Our source looks like this:

      ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
       
      var settings = new MongoClientSettings
      {
          ApplicationName = "iApply",
          ConnectionMode = ConnectionMode.Automatic,
          Server = new MongoServerAddress(clusterSVRHostnmae),
          Credential = MongoCredential.CreateCredential(authDb, username, password),
          Scheme = ConnectionStringScheme.MongoDBPlusSrv,
          UseTls = true,
          GuidRepresentation = GuidRepresentation.CSharpLegacy
      };
       
      // settings.SslSettings = new SslSettings
      // {
      //     CheckCertificateRevocation = true // <= this causes timeout on servers with restricted connectivity!!!
      // };
       
      var client = new MongoClient(settings);
      var db = client.GetDatabase("databaseName");
      

      As it's caused problems in the past, we've commented out `CheckCertificateRevocation` as we've seen this cause timeouts. However, in this case, it's not helping.

      We DO NOT want to disable certificate validation in production for obvious security reasons.

       

      Things we've tried:

      • We've ensured all IP Addresses are whitelisted.
      • We CAN connect from Compass from the SAME server.
      • We CAN telnet to one of the resolved IP addresses on port 27017 from the same server.
      • The C# code DOES work from other servers, but not this one (production).

          People

            robert@mongodb.com Robert Stam
            james.price@dws.com.au James Price