DOCS-13656

[Server] Doc for CA file creation might be wrong

      Description

      I was testing the server with TLS/SSL enabled following the guide here:
      https://docs.mongodb.com/manual/appendix/security/appendixA-openssl-ca/
      But I am getting the error message "SSL peer certificate validation failed: certificate signature failure" on Linux machines, while macOS and Windows machines all work fine.

      After some research and especially this blog here
      https://nonspecific.org/error-7-at-0-depth-lookupcertificate-signature-failure/
      I realized it might be caused by the ordering in the ca-bundle file. 

      In the MongoDB document above it states:

      cat mongodb-test-ca.crt mongodb-test-ia.crt  > test-ca.pem 

      But in many sources, including this one, https://cleantalk.org/help/ssl-ca-bundle , it shows that the intermediate certificate should precede the root certificate. After making that change, the problem is gone on Linux machines.

      Please investigate. Thanks.


            Assignee: Unassigned
            Reporter: Huan Li (huan.li@mongodb.com)
            Votes: 0
            Watchers: 4

              Created:
              Updated:
              Resolved: 1 year, 4 weeks, 1 day ago
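
A way to inspect the certificate order in a bundle such as test-ca.pem, as an added example that is not part of the original report or the MongoDB documentation. It assumes a certificate whose issuer equals its subject is the root; the function names and the sample certificates (DER skeletons without keys or signatures) are constructed for illustration.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, pos, _ = read_tlv(der, 0)        # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)    # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        if tag != 0xA0:                 # skip the optional [0] version field
            fields.append(der[pos:nxt])
        pos = nxt
    return fields[2], fields[4]         # serial, sigAlg, ISSUER, validity, SUBJECT

def bundle_roles(pem_text):
    """Classify each certificate in file order as 'root' or 'intermediate'."""
    roles = []
    for m in PEM_RE.finditer(pem_text):
        issuer, subject = issuer_subject(base64.b64decode(m.group(1)))
        roles.append("root" if issuer == subject else "intermediate")
    return roles

def intermediates_first(pem_text):
    """True when no intermediate follows a self-issued (root) certificate."""
    roles = bundle_roles(pem_text)
    return "root" not in roles or "intermediate" not in roles[roles.index("root"):]

# Constructed sample: DER skeletons holding only the fields parsed above.
def fake_cert(issuer, subject):
    name = lambda cn: b"\x30" + bytes([len(cn) + 2]) + b"\x0c" + bytes([len(cn)]) + cn
    tbs = b"\xa0\x03\x02\x01\x02" + b"\x02\x01\x01" + b"\x30\x00" + name(issuer) + b"\x30\x00" + name(subject)
    der = b"\x30" + bytes([len(tbs) + 2]) + b"\x30" + bytes([len(tbs)]) + tbs
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"

ROOT = fake_cert(b"test-root", b"test-root")
INTERMEDIATE = fake_cert(b"test-root", b"test-ia")
if __name__ == "__main__":
    for label, bundle in (("root first", ROOT + INTERMEDIATE), ("intermediate first", INTERMEDIATE + ROOT)):
        print(label, bundle_roles(bundle), intermediates_first(bundle))
```

To check a real bundle, pass the file's text to `bundle_roles()` or `intermediates_first()`.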