We're running v3.2.7 in a three-member replica configuration.
The config uses IPs instead of hostnames, e.g.:
rs.conf()
{
    "_id" : "eusbg1",
    "version" : 4,
    "protocolVersion" : NumberLong(1),
    "members" : [
        {
            "_id" : 0,
            "host" : "167.114.255.189:27017",
            "arbiterOnly" : false,
            "buildIndexes" : true,
            "hidden" : false,
            "priority" : 1,
            "tags" : { },
            "slaveDelay" : NumberLong(0),
            "votes" : 1
        },
        ...
The config on one of the nodes is as follows:
...
net:
  port: 27017
  ssl:
    mode: allowSSL
    PEMKeyFile: /etc/mongod/member.pem
    CAFile: /etc/mongod/ca.pem
...
When trying to connect to this member via
mongo --ssl --sslCAFile ca.pem --host 4.4.4.4 admin -u user -p
We get the following error:
The server certificate does not match the host name 4.4.4.4
The certificate is configured as follows:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:11:10:7d:d8:0c:82:ba:a2:01:f5:d8:a9:26:3a:29:9e:88:10:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=SK, ST=SK, L=Bratislava, CN=*
        Validity
            Not Before: Jun 13 15:22:00 2016 GMT
            Not After : May 20 15:22:00 2116 GMT
        Subject: C=SK, ST=SK, L=Bratislava, CN=*
        ...
It appears that the mongo client should connect without any issues since CN=*, but the mongo client throws an error about an invalid hostname.
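
For reference, an added example (not part of the original report and not the mongo shell's own code) of how TLS host name verification is generally specified in RFC 2818 and RFC 6125: a connection target that is an IP address is compared only with iPAddress subjectAltName entries, and a wildcard stands in for exactly one DNS label. The function names, the rejection of a bare `*`, and the assumption that the certificate above carries no subjectAltName are choices made for this sketch.

```python
import ipaddress

def is_ip(host):
    """True if host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Compare one certificate name with a DNS host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False            # a wildcard covers exactly one label
    if p[0] == "*":
        # Conservative policy chosen for this example: a wildcard needs a
        # parent domain of two or more labels, so "*" and "*.com" never match.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_matches_host(host, cn=None, san_dns=(), san_ip=()):
    """Decide whether the certificate's names cover the host being dialled."""
    if is_ip(host):
        # RFC 2818 3.1: an IP target is compared only with iPAddress SAN
        # entries; CN and wildcards are not consulted.
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in san_ip)
    # RFC 6125: dNSName SANs win; CN is a fallback only when none exist.
    names = list(san_dns) or ([cn] if cn else [])
    return any(dns_name_matches(n, host) for n in names)

if __name__ == "__main__":
    # Constructed inputs: the page's CN and connection target, SANs assumed absent.
    print(cert_matches_host("4.4.4.4", cn="*"))
    print(cert_matches_host("4.4.4.4", cn="*", san_ip=["4.4.4.4"]))
    print(cert_matches_host("db1.example.com", san_dns=["*.example.com"]))
```

Under these rules a member certificate used with IP-based replica set hosts needs each member's address as an iPAddress subjectAltName entry.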