Core Server / SERVER-21003

mongo shell - SSL certificate not trusted with trusted certificate

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • Affects Version/s: 3.0.6
    • Component/s: Security, Shell
    • Fully Compatible
    • ALL

      I used the official docker image

      dockerfile
      FROM mongo
      
      ADD mongod-config.yml /etc/mongodb/mongod
      
      ADD wildcart.plop.com.crt /etc/ssl/certs/wildcart.plop.com.crt
      ADD wildcart.plop.com.key /etc/ssl/private/wildcart.plop.com.key
      # comes from https://wiki.gandi.net/en/ssl/intermediate
      ADD GandiStandardSSLCA2.pem /usr/local/share/ca-certificates/gandi.net/GandiStandardSSLCA2.crt
      # Concatenate the private key and certificate into the single PEM file referenced by PEMKeyFile
      RUN cat /etc/ssl/private/wildcart.plop.com.key /etc/ssl/certs/wildcart.plop.com.crt > /etc/ssl/certs/mongodb.pem && \
          rm /etc/ssl/private/wildcart.plop.com.key /etc/ssl/certs/wildcart.plop.com.crt && \
          update-ca-certificates && \
          c_rehash
      
      CMD ["mongod", "--replSet", "plop", "--config", "/etc/mongodb/mongod"]
      
      /etc/mongodb/mongod
      net:
          ssl:
              mode: requireSSL
              PEMKeyFile: /etc/ssl/certs/mongodb.pem
              CAFile: /etc/ssl/certs/GandiStandardSSLCA2.pem
              allowConnectionsWithoutCertificates: true
      
    • Security A 10/09/15

      I have a problem using SSL mode on MongoDB. When I try to connect to my database, I get this error. (I use a valid certificate from gandi.net.)

      Mongo shell connection error
      mongo --ssl --sslCAFile /etc/ssl/certs/GandiStandardSSLCA2.pem  --host plip.plop.com
      
      MongoDB shell version: 3.0.6
      connecting to: plip.plop.com:27017/test
      2015-10-16T10:24:23.122+0000 E NETWORK  SSL peer certificate validation failed:certificate not trusted
      2015-10-16T10:24:23.126+0000 E QUERY    Error: socket exception [CONNECT_ERROR] for
      at connect (src/mongo/shell/mongo.js:181:14)
      at (connect):1:6 at src/mongo/shell/mongo.js:181
      
      Mongo server response
      2015-10-16T10:26:53.034+0000 I NETWORK  [initandlisten] connection accepted from 172.17.0.227:48786 #1 (1 connection now open)
      2015-10-16T10:26:53.046+0000 W NETWORK  [conn1] no SSL certificate provided by peer
      2015-10-16T10:26:53.046+0000 I NETWORK  [conn1] end connection 172.17.0.227:48786 (0 connections now open)
      

            Assignee: Spencer Jackson (spencer.jackson@mongodb.com)
            Reporter: dducatel
            Votes: 0
            Watchers: 7