Description
We're running v3.2.7 in three member replica configuration.
The config uses IPs instead of hostnames, e.g.:
    rs.conf()
    {
        "_id" : "eusbg1",
        "version" : 4,
        "protocolVersion" : NumberLong(1),
        "members" : [
            {
                "_id" : 0,
                "host" : "167.114.255.189:27017",
                "arbiterOnly" : false,
                "buildIndexes" : true,
                "hidden" : false,
                "priority" : 1,
                "tags" : {
                },
                "slaveDelay" : NumberLong(0),
                "votes" : 1
            },
    ...
The config on one of the nodes is as follows:

    ...
    net:
      port: 27017
      ssl:
        mode: allowSSL
        PEMKeyFile: /etc/mongod/member.pem
        CAFile: /etc/mongod/ca.pem
    ...

When trying to connect to this member via

    mongo --ssl --sslCAFile ca.pem --host 4.4.4.4 admin -u user -p

We get the following error:

    The server certificate does not match the host name 4.4.4.4

The certificate is configured as follows:

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                3d:11:10:7d:d8:0c:82:ba:a2:01:f5:d8:a9:26:3a:29:9e:88:10:04
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=SK, ST=SK, L=Bratislava, CN=*
            Validity
                Not Before: Jun 13 15:22:00 2016 GMT
                Not After : May 20 15:22:00 2116 GMT
            Subject: C=SK, ST=SK, L=Bratislava, CN=*
    ...

It appears that the mongo client should connect without any issues since CN=*, but the mongo client throws an error about an invalid hostname.
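
For reference, an added example that is not part of the original report and is not MongoDB's code: a sketch of RFC 2818 / RFC 6125 style identity checks, showing how such rules treat an IP connect target against a certificate whose only identity is CN=*. The dict layout, the names `REPORTED_CERT` and `FIXED_CERT`, and the host `member1.example.net` are assumptions, as is the absence of subjectAltName entries in the reported certificate (the dump above elides that part).

```python
import ipaddress

def is_ip(host):
    """True when the connect target is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_pattern_matches(pattern, host):
    """RFC 6125 style: '*' is only a whole left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if not all(h) or len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def cert_matches_host(cert, host):
    """Decide whether the certificate identity covers the name the client dialed."""
    if is_ip(host):
        # RFC 2818: an IP target must equal an iPAddress SAN entry;
        # CN and wildcard patterns are never consulted for IP literals.
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in cert["san_ip"])
    # DNS target: use dNSName SANs, falling back to CN only when there are none.
    names = cert["san_dns"] or [cert["cn"]]
    return any(dns_pattern_matches(n, host) for n in names)

# Constructed stand-ins for parsed certificates (not real parser output).
REPORTED_CERT = {"cn": "*", "san_dns": [], "san_ip": []}  # Subject CN=*, no SANs assumed
FIXED_CERT = {                                             # hypothetical reissued cert
    "cn": "member1.example.net",
    "san_dns": ["member1.example.net"],
    "san_ip": ["4.4.4.4"],
}

if __name__ == "__main__":
    for label, cert in (("CN=*", REPORTED_CERT), ("IP SAN", FIXED_CERT)):
        print(label, "matches 4.4.4.4:", cert_matches_host(cert, "4.4.4.4"))
```

Under these rules a replica set addressed by IP needs each member's address in an iPAddress SAN; a wildcard CN does not stand in for it.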