~/Sources/mongo/mongod --sslMode requireSSL --sslPEMKeyFile tests/x509gen/altname.pem --sslCAFile tests/x509gen/ca.pem --dbpath /data/rs1 --replSet foo

~/Sources/mongo/mongo --ssl --sslCAFile tests/x509gen/ca.pem --host localhost --sslPEMKeyFile tests/x509gen/client.pem
MongoDB shell version: 3.3.8-545-g4d826ac
connecting to: localhost:27017/test
MongoDB server version: 3.3.8-545-g4d826ac
Server has startup warnings:

> rs.initiate()
{
	"info2" : "no configuration specified. Using a default configuration for the set",
	"me" : "infant:27017",
	"ok" : 0,
	"errmsg" : "No host described in new configuration 1 for replica set foo maps to this node",
	"code" : 93
}

2016-07-18T13:07:38.611-0700 I COMMAND [conn2] initiate : no configuration specified. Using a default configuration for the set
2016-07-18T13:07:38.611-0700 I COMMAND [conn2] created this configuration for initiation : { _id: "foo", version: 1, members: [ { _id: 0, host: "infant:27017" } ] }
2016-07-18T13:07:38.611-0700 I REPL [conn2] replSetInitiate admin command received from client
2016-07-18T13:07:38.612-0700 I NETWORK [thread1] connection accepted from 127.0.0.1:34930 #5 (3 connections now open)
2016-07-18T13:07:38.620-0700 E NETWORK [conn5] SSL peer certificate validation failed: unsupported certificate purpose
2016-07-18T13:07:38.621-0700 I - [conn5] AssertionException handling request, closing client connection: 6 Recv failed
2016-07-18T13:07:38.621-0700 E NETWORK [conn2] The server certificate does not match the host name infant
2016-07-18T13:07:38.621-0700 I - [conn5] end connection 127.0.0.1:34930 (2 connections now open)
2016-07-18T13:07:38.621-0700 W NETWORK [conn2] couldn't check isSelf (infant:27017) socket exception [CONNECT_ERROR] for The server certificate does not match the host name infant
2016-07-18T13:07:38.621-0700 E REPL [conn2] replSet initiate got NodeNotFound: No host described in new configuration 1 for replica set foo maps to this node while validating { _id: "foo", version: 1, members: [ { _id: 0, host: "infant:27017" } ] }

Turns out, the certificate I had passed to mongod didn't match the hostname rs.initiate() defaulted to.
It would be nice if the error from the "check isSelf" sanity check had been propagated through to the client; it clearly said "The server certificate does not match the host name infant".
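
A log-triage sketch for the failure above, added here as an example and not part of the original report or of MongoDB: it pairs each "replSet initiate got NodeNotFound" error with the isSelf probe warnings logged earlier on the same connection, so the TLS hostname mismatch surfaces as the cause. The function name and the regular expressions are assumptions fitted to the log lines quoted in this report.

```python
import re

# Sample input: five of the mongod log lines quoted in the report, embedded inline.
SAMPLE_LOG = """\
2016-07-18T13:07:38.611-0700 I REPL [conn2] replSetInitiate admin command received from client
2016-07-18T13:07:38.620-0700 E NETWORK [conn5] SSL peer certificate validation failed: unsupported certificate purpose
2016-07-18T13:07:38.621-0700 E NETWORK [conn2] The server certificate does not match the host name infant
2016-07-18T13:07:38.621-0700 W NETWORK [conn2] couldn't check isSelf (infant:27017) socket exception [CONNECT_ERROR] for The server certificate does not match the host name infant
2016-07-18T13:07:38.621-0700 E REPL [conn2] replSet initiate got NodeNotFound: No host described in new configuration 1 for replica set foo maps to this node while validating { _id: "foo", version: 1, members: [ { _id: 0, host: "infant:27017" } ] }
"""

# timestamp, severity letter, component, [context], message (layout assumed from the lines above)
LINE = re.compile(r"^(\S+) ([A-Z]) (\S+)\s+\[(\w+)\] (.*)$")
ISSELF = re.compile(
    r"couldn't check isSelf \(([^)]+)\) socket exception \[(\w+)\] for (.*)$"
)
NODE_NOT_FOUND = "replSet initiate got NodeNotFound"


def explain_initiate_failures(log_text):
    """Return one finding per NodeNotFound error, with the isSelf probe
    failures seen earlier on the same connection attached as causes."""
    pending = {}    # connection id -> isSelf failures not yet attributed
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # banner lines, shell output, blanks
        _ts, _sev, component, conn, msg = m.groups()
        probe = ISSELF.search(msg)
        if component == "NETWORK" and probe:
            host, kind, reason = probe.groups()
            pending.setdefault(conn, []).append(
                {"host": host, "kind": kind, "reason": reason}
            )
        elif component == "REPL" and NODE_NOT_FOUND in msg:
            # An empty cause list means no probe failed on this connection.
            findings.append({"conn": conn, "causes": pending.pop(conn, [])})
    return findings


if __name__ == "__main__":
    for f in explain_initiate_failures(SAMPLE_LOG):
        for c in f["causes"] or [{"host": "?", "kind": "?", "reason": "no isSelf failure logged"}]:
            print(f'{f["conn"]}: NodeNotFound, isSelf({c["host"]}) {c["kind"]}: {c["reason"]}')
```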