Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-34278

After Mongo Upgrade: The server certificate does not match the host name on valid wildcard cert

XMLWordPrintableJSON

    • Type: Icon: Question Question
    • Resolution: Works as Designed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
    • Server Triage

      I have a valid wildcard cert (e.g. *.domain.com), signed from a CA. Once I upgraded Mongo from 2.6.12 to 3.0.15 trying to connect with the mongo client I get:

      $ mongo --ssl --host hostname.other.other.domain.com --sslCAFile /etc/ssl/certs/mongodb-ca-certificates.crt --sslPEMKeyFile /etc/ssl/certs/mongodb.pem
MongoDB shell version: 3.0.15
connecting to: hostname.other.other.domain.com:27017/test
2018-04-03T15:23:59.622+0000 E NETWORK  The server certificate does not match the host name hostname.other.other.domain.com
2018-04-03T15:23:59.623+0000 E QUERY    Error: socket exception [CONNECT_ERROR] for
    at connect (src/mongo/shell/mongo.js:181:14)
    at (connect):1:6 at src/mongo/shell/mongo.js:181
exception: connect failed

      The only thing that changed is the Mongo version. Any suggestions to why this is not working ?
      The cert and the CA match and validate fine with openssl (The domain name above is just an example)

            Assignee:
            backlog-server-triage [HELP ONLY] Backlog - Triage Team
            Reporter:
            o1o1o11o1 Konstantin Ivanov
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: