Loading...

XML

Word

Printable

JSON

Type: Question
Resolution: Works as Designed
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
- security

Assigned Teams:

Server Triage
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

I have a valid wildcard cert (e.g. *.domain.com), signed from a CA. Once I upgraded Mongo from 2.6.12 to 3.0.15 trying to connect with the mongo client I get:

$ mongo --ssl --host hostname.other.other.domain.com --sslCAFile /etc/ssl/certs/mongodb-ca-certificates.crt --sslPEMKeyFile /etc/ssl/certs/mongodb.pem
MongoDB shell version: 3.0.15
connecting to: hostname.other.other.domain.com:27017/test
2018-04-03T15:23:59.622+0000 E NETWORK  The server certificate does not match the host name hostname.other.other.domain.com
2018-04-03T15:23:59.623+0000 E QUERY    Error: socket exception [CONNECT_ERROR] for
    at connect (src/mongo/shell/mongo.js:181:14)
    at (connect):1:6 at src/mongo/shell/mongo.js:181
exception: connect failed

The only thing that changed is the Mongo version. Any suggestions to why this is not working ?
The cert and the CA match and validate fine with openssl (The domain name above is just an example)

Assignee:: [HELP ONLY] Backlog - Triage Team
Reporter:: Konstantin Ivanov
Participants:: [HELP ONLY] Backlog - Triage Team, Kenn White, Konstantin Ivanov, Ramon Fernandez Marina
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Apr 03 2018 03:27:54 PM UTC
Updated:: Oct 27 2023 01:53:53 PM UTC
Resolved:: Apr 19 2018 11:36:09 PM UTC

Details

Description

Attachments

Activity

People

Dates