[SERVER-34278] After Mongo Upgrade: The server certificate does not match the host name on valid wildcard cert - MongoDB Jira

XML

Word

Printable

Details

Type: Question
Status: Closed
Priority: Major - P3
Resolution: Works as Designed
Affects Version/s: None
Fix Version/s: None
Component/s: Security
Labels:
- security

Description

I have a valid wildcard cert (e.g. *.domain.com), signed from a CA. Once I upgraded Mongo from 2.6.12 to 3.0.15 trying to connect with the mongo client I get:

$ mongo --ssl --host hostname.other.other.domain.com --sslCAFile /etc/ssl/certs/mongodb-ca-certificates.crt --sslPEMKeyFile /etc/ssl/certs/mongodb.pem

MongoDB shell version: 3.0.15

connecting to: hostname.other.other.domain.com:27017/test

2018-04-03T15:23:59.622+0000 E NETWORK  The server certificate does not match the host name hostname.other.other.domain.com

2018-04-03T15:23:59.623+0000 E QUERY    Error: socket exception [CONNECT_ERROR] for

    at connect (src/mongo/shell/mongo.js:181:14)

    at (connect):1:6 at src/mongo/shell/mongo.js:181

exception: connect failed

The only thing that changed is the Mongo version. Any suggestions to why this is not working ?
The cert and the CA match and validate fine with openssl (The domain name above is just an example)

Attachments

Activity

People

Assignee:: Backlog - Triage Team

Reporter:: Konstantin Ivanov

Participants:: Backlog - Triage Team, Kenneth White, Konstantin Ivanov, Ramon Fernandez Marina

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: Apr 03 2018 03:27:54 PM UTC

Updated:: Oct 01 2018 03:39:42 PM UTC

Resolved:: Apr 19 2018 11:36:09 PM UTC