Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-34278

After Mongo Upgrade: The server certificate does not match the host name on valid wildcard cert

    XMLWordPrintable

    Details

    • Type: Question
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Works as Designed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Labels:

      Description

      I have a valid wildcard cert (e.g. *.domain.com), signed from a CA. Once I upgraded Mongo from 2.6.12 to 3.0.15 trying to connect with the mongo client I get:

      $ mongo --ssl --host hostname.other.other.domain.com --sslCAFile /etc/ssl/certs/mongodb-ca-certificates.crt --sslPEMKeyFile /etc/ssl/certs/mongodb.pem
      MongoDB shell version: 3.0.15
      connecting to: hostname.other.other.domain.com:27017/test
      2018-04-03T15:23:59.622+0000 E NETWORK  The server certificate does not match the host name hostname.other.other.domain.com
      2018-04-03T15:23:59.623+0000 E QUERY    Error: socket exception [CONNECT_ERROR] for
          at connect (src/mongo/shell/mongo.js:181:14)
          at (connect):1:6 at src/mongo/shell/mongo.js:181
      exception: connect failed
      

      The only thing that changed is the Mongo version. Any suggestions to why this is not working ?
      The cert and the CA match and validate fine with openssl (The domain name above is just an example)

        Attachments

          Activity

            People

            Assignee:
            backlog-server-triage Backlog - Triage Team
            Reporter:
            o1o1o11o1 Konstantin Ivanov
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: