Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-33069

mongo shell can't connect to the server if the server's cert has the ip address in SAN field

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Shell
    • Labels:
      None
    • Operating System:
      ALL

      Description

      hi, I create the pem with SAN by the follows steps:
      1. sudo openssl req -new -key myserver.key -out myserver_san_ip.csr -subj "/C=AU/ST=NSW/O=test/CN=x509server/emailAddress=user@domain.com"
      2. sudo openssl x509 -req -days 3650 -in myserver_san_ip.csr -CA ca.crt -CAkey ca.key -set_serial 01 -extensions v3_req -extfile a.txt -out myserver_san_ip.crt
      a.txt 's content is :
      [v3_req]
      basicConstraints = CA:TRUE
      subjectAltName = IP:10.154.10.39
      then use :" openssl x509 -text -noout -in myserver_san_ip.crt" to check the SAN field.see
      3. sudo sh -c "cat myserver.key myserver_san_ip.crt > myserver_san_ip.pem"
      with this new pem file, I restarted mongod server
      then try to connect with mongo shell : mongo --host 10.154.10.39 --ssl --sslCAFile ca.pem --sslPEMKeyFile myclient.pem
      but still get the error :
      2018-02-01T03:56:53.109+0800 E NETWORK [thread1] The server certificate does not match the host name. Hostname: 10.154.10.39 does not match SAN(s):
      2018-02-01T03:56:53.110+0800 E QUERY [thread1] Error: socket exception [CONNECT_ERROR] for The server certificate does not match the host name. Hostname: 10.154.10.39 does not match SAN(s): :
      connect@src/mongo/shell/mongo.js:237:13
      @(connect):1:6
      exception: connect failed

        Attachments

        1. dd.png
          dd.png
          31 kB

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: