  1. Core Server
  2. SERVER-27832

Unable to get TLS connection to work with mongoS

Details

    • Type: Question
    • Resolution: Done
    • Priority: Major - P3
    • Fix Version/s: None
    • Affects Version/s: 3.0.2
    • Component/s: Admin, Security
    • Labels: None

    Description

      Hello there,

      I'm trying to get a Node JS application to connect to mongos, but it fails when I set requireSSL on the mongos service.
      Windows 2012 R2
      Mongo 3.0.2

      I have used OpenSSL to create a CA certificate, a server certificate and a client certificate, and updated the mongo.conf file on my MongoD server (Server=mzapp1):

      	mode: requireSSL
      	PEMKeyFile: "C:\\Mongo\\Certificates\\mzapp1.pem"
      	CAFile: "C:\\Mongo\\Certificates\\MikeTestCA.pem"
      

      On my MongoS server I have set up the config file:

      	mode: requireSSL
      	PEMKeyFile: "C:\\Mongo\\Certificates\\mzweb1.pem"
      	CAFile: "C:\\Mongo\\Certificates\\MikeTestCA.pem"
      

      On the NodeJS service also running on mzweb1 server, I am connecting using:

          hostname: "mzweb1",
          port: 27017,
          ssl: true,
          sslCA: require('fs').readFileSync("C:\\Mongo\\Certificates\\MikeTestCA.pem"),
          sslValidate: true,
          sslKey: require('fs').readFileSync("C:\\Mongo\\Certificates\\client.pem"),
          sslCert: require('fs').readFileSync("C:\\Mongo\\Certificates\\client.pem")
      

      With this configuration I get an error in the MongoS log file when I try to connect using NodeJS:

      "NETWORK  [conn6] AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections"
      

      If I go to the command prompt on mzweb1 and run the mongo shell, then it connects fine using the following syntax, which seems to imply my MongoS setup is OK:

      	C:\Mongo\MongoDB\bin\mongo --ssl --sslPEMKeyFile C:\Mongo\Certificates\client.pem --sslCAFile C:\Mongo\Certificates\MikeTestCA.pem -host mzweb1 -port 27017
      

      However, if I change the NodeJS application to point directly to the mongoD by changing host/port to mzapp1/27018, then it also connects fine, which seems to indicate the Client.PEM file is OK, so I am confused why I am getting issues only when connecting NodeJS to MongoS.

      My workaround at the moment is to leave my NodeJS pointing at MongoS, but changing MongoS to "mode: preferSSL", but obviously I would prefer to have everything set up for TLS (and understand better how MongoS is working!)

      Can anyone advise?

      Thanks
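
An added example, not part of the original report or of MongoDB's code: one way to check from the mongos log which client is still connecting without TLS is to join each 17189 rejection to the address that opened that connection. The "connection accepted from ... #N" line format and every sample line below are assumptions constructed for illustration.

```javascript
'use strict';

// Listener accept line (assumed format), e.g.
//   "... connection accepted from 10.0.0.21:50412 #6 (2 connections now open)"
const ACCEPT_RE = /connection accepted from (\S+):(\d+) #(\d+)/;
// The rejection quoted in the report (assertion 17189); captures the connection id.
const REJECT_RE = /\[conn(\d+)\] AssertionException handling request, closing client connection: 17189 /;

// Returns one record per plaintext attempt rejected under requireSSL,
// joined to the client address that opened that connection.
function findPlaintextClients(logText) {
  const peers = new Map(); // connection id -> { address, port }
  const rejected = [];
  for (const line of logText.split(/\r?\n/)) {
    const accepted = ACCEPT_RE.exec(line);
    if (accepted) {
      peers.set(accepted[3], { address: accepted[1], port: Number(accepted[2]) });
      continue;
    }
    const reject = REJECT_RE.exec(line);
    if (reject) {
      // The accept line may have rotated out of the log; report that explicitly.
      const peer = peers.get(reject[1]) || { address: 'unknown', port: null };
      rejected.push({ conn: Number(reject[1]), address: peer.address, port: peer.port });
    }
  }
  return rejected;
}

// Counts rejected attempts per client address.
function summarize(rejected) {
  const counts = {};
  for (const r of rejected) counts[r.address] = (counts[r.address] || 0) + 1;
  return counts;
}

// Constructed sample log: addresses, timestamps and connection ids are made up.
const SAMPLE_LOG = [
  '2017-01-27T10:15:01.120+0000 I NETWORK  [mongosMain] connection accepted from 10.0.0.21:50411 #5 (1 connection now open)',
  '2017-01-27T10:15:02.348+0000 I NETWORK  [mongosMain] connection accepted from 10.0.0.21:50412 #6 (2 connections now open)',
  '2017-01-27T10:15:02.351+0000 I NETWORK  [conn6] AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections',
  '2017-01-27T10:15:09.002+0000 I NETWORK  [conn9] AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections',
].join('\n');

console.log(summarize(findPlaintextClients(SAMPLE_LOG)));
```

A 17189 entry means the peer sent an unencrypted request to a listener in requireSSL mode, so each address reported here is a client whose connection never started a TLS handshake.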

          People

            Assignee: Mark Agarunov (mark.agarunov)
            Reporter: Mike Shaw (mikeshaw)