We're running v3.2.7 in a three-member replica configuration.
The config uses IPs instead of hostnames, e.g.:
    rs.conf()
    {
        "_id" : "eusbg1",
        "version" : 4,
        "protocolVersion" : NumberLong(1),
        "members" : [
            {
                "_id" : 0,
                "host" : "167.114.255.189:27017",
                "arbiterOnly" : false,
                "buildIndexes" : true,
                "hidden" : false,
                "priority" : 1,
                "tags" : {
                },
                "slaveDelay" : NumberLong(0),
                "votes" : 1
            },
    ...
The config on one of the nodes is as follows:
    ...
    net:
      port: 27017
      ssl:
        mode: allowSSL
        PEMKeyFile: /etc/mongod/member.pem
        CAFile: /etc/mongod/ca.pem
    ...
When trying to connect to this member via
    mongo --ssl --sslCAFile ca.pem --host 4.4.4.4 admin -u user -p
We get the following error:
    The server certificate does not match the host name 4.4.4.4
The certificate is configured as follows:
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                3d:11:10:7d:d8:0c:82:ba:a2:01:f5:d8:a9:26:3a:29:9e:88:10:04
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=SK, ST=SK, L=Bratislava, CN=*
            Validity
                Not Before: Jun 13 15:22:00 2016 GMT
                Not After : May 20 15:22:00 2116 GMT
            Subject: C=SK, ST=SK, L=Bratislava, CN=*
    ...
It appears that the mongo client should connect without any issues since CN=*, but the mongo client throws an error about an invalid hostname.
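
Added example, not part of the original post and not MongoDB's own code: a minimal hostname check following the RFC 2818 / RFC 6125 rules that TLS clients generally apply, assumed here to approximate the check behind the error above. It shows why a subject of CN=* is not accepted for the IP address 4.4.4.4, and that an iPAddress subjectAltName entry is what an IP target is compared against; `db1.example.com` and the SAN values are constructed for illustration.

```python
import ipaddress


def is_ip(host):
    """True when the connection target is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_match(pattern, host):
    """Wildcard matching: '*' may only replace the entire leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # '*' never spans several labels
    if p_labels[0] == "*":
        # Conservative rule chosen for this example: the wildcard needs at
        # least two fixed labels after it, so "*" and "*.com" match nothing.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches(host, common_name, san_dns=(), san_ip=()):
    """Decide whether a certificate's names cover the host being dialled."""
    if is_ip(host):
        # RFC 2818: an IP target must equal an iPAddress SAN entry exactly;
        # the CN and DNS wildcards are not consulted at all.
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in san_ip)
    # The CN is only a fallback when the certificate carries no DNS SANs.
    names = list(san_dns) or [common_name]
    return any(dns_match(name, host) for name in names)


if __name__ == "__main__":
    # The certificate from the post: subject CN=*, no subjectAltName.
    print(cert_matches("4.4.4.4", "*"))                      # IP vs CN=*
    print(cert_matches("db1.example.com", "*"))              # DNS name vs CN=*
    # Constructed variants that carry a subjectAltName extension.
    print(cert_matches("4.4.4.4", "*", san_ip=["4.4.4.4"]))
    print(cert_matches("db1.example.com", "*", san_dns=["*.example.com"]))
```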