Core Server / SERVER-33069

mongo shell can't connect to the server if the server's cert has the ip address in SAN field

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Shell
    • Labels: None
    • ALL

      Hi, I created the PEM with a SAN using the following steps:
      1. sudo openssl req -new -key myserver.key -out myserver_san_ip.csr -subj "/C=AU/ST=NSW/O=test/CN=x509server/emailAddress=user@domain.com"
      2. sudo openssl x509 -req -days 3650 -in myserver_san_ip.csr -CA ca.crt -CAkey ca.key -set_serial 01 -extensions v3_req -extfile a.txt -out myserver_san_ip.crt
      a.txt's content is:
      [v3_req]
      basicConstraints = CA:TRUE
      subjectAltName = IP:10.154.10.39
      Then use "openssl x509 -text -noout -in myserver_san_ip.crt" to check the SAN field. See
      3. sudo sh -c "cat myserver.key myserver_san_ip.crt > myserver_san_ip.pem"
      With this new PEM file, I restarted the mongod server,
      then tried to connect with the mongo shell: mongo --host 10.154.10.39 --ssl --sslCAFile ca.pem --sslPEMKeyFile myclient.pem
      but still got the error:
      2018-02-01T03:56:53.109+0800 E NETWORK [thread1] The server certificate does not match the host name. Hostname: 10.154.10.39 does not match SAN(s):
      2018-02-01T03:56:53.110+0800 E QUERY [thread1] Error: socket exception [CONNECT_ERROR] for The server certificate does not match the host name. Hostname: 10.154.10.39 does not match SAN(s): :
      connect@src/mongo/shell/mongo.js:237:13
      @(connect):1:6
      exception: connect failed

        1. dd.png (31 kB)

            Assignee:
            mark.agarunov Mark Agarunov
            Reporter:
            winnie_quest winnie_quest
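
To check, independently of the mongo shell, whether a certificate built with the steps in the report carries an iPAddress SAN that matches the address being dialed, the following added example (not part of the original ticket and not MongoDB code) rebuilds a throwaway CA and server certificate and asks OpenSSL's own matcher. It assumes OpenSSL 1.1.1 or later; the CA subject, file names and helper function names are hypothetical, and the leaf uses CA:FALSE rather than the report's CA:TRUE.

```shell
#!/usr/bin/env bash
# Added example (constructed test material, not from the ticket):
# rebuild a cert with an IP SAN and ask OpenSSL whether it matches the dialed address.
set -u

# make_ip_san_cert DIR IP: writes a throwaway CA and a server cert with SAN "IP:<IP>" into DIR.
make_ip_san_cert() {
    local dir=$1 ip=$2
    # Hypothetical test CA (subject is a placeholder).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/O=test/CN=example-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and CSR; the CN is not an address, so only the SAN can match an IP.
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=test/CN=x509server" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # Extension file in the same shape as the report's a.txt, but CA:FALSE for a leaf cert.
    printf '[v3_req]\nbasicConstraints = CA:FALSE\nsubjectAltName = IP:%s\n' "$ip" \
        > "$dir/ext.cnf"
    openssl x509 -req -days 1 -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -set_serial 01 -extensions v3_req -extfile "$dir/ext.cnf" \
        -out "$dir/server.crt" 2>/dev/null
}

# has_ip_san CERT IP: true when the certificate text lists "IP Address:<IP>" in its SAN.
has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -qFw "IP Address:$2"
}

# cert_matches CERT ip|host VALUE: true when OpenSSL's matcher accepts VALUE.
#   ip   -> compared against iPAddress SAN entries (-checkip)
#   host -> compared against dNSName SAN entries, CN only as fallback (-checkhost)
cert_matches() {
    local flag
    case $2 in
        ip)   flag=-checkip ;;
        host) flag=-checkhost ;;
        *)    return 2 ;;
    esac
    openssl x509 -in "$1" -noout "$flag" "$3" | grep -q 'does match certificate'
}

# Demo on a temporary directory.
demo_dir=$(mktemp -d)
if make_ip_san_cert "$demo_dir" 10.154.10.39; then
    has_ip_san "$demo_dir/server.crt" 10.154.10.39 && echo "SAN lists the IP"
    cert_matches "$demo_dir/server.crt" ip 10.154.10.39 && echo "IP match: yes"
    cert_matches "$demo_dir/server.crt" host 10.154.10.39 || echo "dNSName/CN match: no"
fi
rm -rf "$demo_dir"
```

The last check shows that the same address fails when it is compared as a host name against dNSName entries, even though the iPAddress entry is present and matches.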