-
Type:
Task
-
Resolution: Done
-
Priority:
Major - P3
-
None
-
Affects Version/s: 3.2.1
-
Component/s: Connection Management
-
None
-
Environment:Windows, Linux
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Hello,
I´m trying to connect to a mongod instance on CentOS with the Java driver from my windows-pc. The mongod is configured as follows:
ssl:
mode: requireSSL
PEMKeyFile: /tmp/ssl/mongodb.pem
CAFile: /tmp/ssl/cert-chain.pem
allowConnectionsWithoutCertificates: true
A connection from my windows with the commandline works:
mongod <server:port> --ssl --sslCAFile <certicate-ca>
Also from MongoChef, but I get an exception when I try to execute the following snippet:
MongoClientOptions clientOptions = MongoClientOptions.builder().sslEnabled(true).sslInvalidHostNameAllowed(false).build(); MongoClient mongoClient = new MongoClient("<mongod-dnsname>", clientOptions); MongoDatabase db = mongoClient.getDatabase("test"); MongoCollection<Document> collection = db.getCollection("testColl"); System.out.println(collection.count());
The stacktrace is:
2016-05-03 08:02:28,004 INFO cluster: Cluster created with settings {hosts=[<mongod-dnsname>], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
2016-05-03 08:02:28,086 DEBUG cluster: Updating cluster description to {type=UNKNOWN, servers=[{address=<mongod-dnsname>, type=UNKNOWN, state=CONNECTING}]
2016-05-03 08:02:28,132 INFO cluster: No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, all=[ServerDescription{address=<mongod-dnsname>, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2016-05-03 08:02:28,147 DEBUG connection: Closing connection connectionId{localValue:1}
2016-05-03 08:02:28,149 DEBUG connection: Closing connection connectionId{localValue:1}
2016-05-03 08:02:28,150 INFO cluster: Exception in monitor thread while connecting to server <mongod-dnsname>
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:462)
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:205)
at com.mongodb.connection.CommandHelper.sendMessage(CommandHelper.java:89)
at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32)
at com.mongodb.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:83)
at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:43)
at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:115)
at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:128)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address <mongod-ip> found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at com.mongodb.connection.SocketStream.write(SocketStream.java:75)
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:201)
... 7 more
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address <mongod-ip> found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:167)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
... 16 more
The certificate was also used for the application running on the same server without any trouble. It contains following SAN entry:
X509v3 Subject Alternative Name:
DNS:<mongod-dnsname>