-
Type: Task
-
Resolution: Duplicate
-
Priority: Major - P3
-
Affects Version/s: None
-
Labels:
Description
I was testing the server with TLS/SSL enabled following the guide here:
https://docs.mongodb.com/manual/appendix/security/appendixA-openssl-ca/
But I am getting error message of "SSL peer certificate validation failed: certificate signature failure" on Linux machines, while MacOs and windows machine all work fine.
After some research and especially this blog here
https://nonspecific.org/error-7-at-0-depth-lookupcertificate-signature-failure/
I realized it might be caused by the ordering in the ca-bundle file.
In the mongodb document above it states:
cat mongodb-test-ca.crt mongodb-test-ia.crt > test-ca.pem
But in many sources including this one https://cleantalk.org/help/ssl-ca-bundle , it shows intermediate certificate should precede root certificate. After change made, the problem is gone on Linux machines.
Please investigate. Thanks.