Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8732

Config server with CRL, mongos started with revoked cert, unclear error message

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.4.0-rc0
    • Component/s: None
    • Labels:
      None
    • ALL

      What does

      unable to get certificate CRL

      mean?

      ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc0$ ./bin/mongod --dbpath ./data/config/ --configsvr --sslOnNormalPorts --sslPEMKeyFile ../sslCA/gregorFreeBSD.pem --sslCRLFile crl.pem --sslCAFile=../sslCA/cacert.pem 
Tue Feb 26 13:26:52.306 [initandlisten] MongoDB starting : pid=14374 port=27019 dbpath=./data/config/ master=1 64-bit host=ip-10-36-133-56
Tue Feb 26 13:26:52.306 [initandlisten] db version v2.4.0-rc0, pdfile version 4.5
Tue Feb 26 13:26:52.306 [initandlisten] git version: 09967e98e5d6280305d85553cdb2dd12e2e1e149 modules: subscription
Tue Feb 26 13:26:52.306 [initandlisten] build info: Linux bs-e-ubuntu1104 2.6.38-13-virtual #57-Ubuntu SMP Mon Mar 5 21:16:08 UTC 2012 x86_64 BOOST_LIB_VERSION=1_49
Tue Feb 26 13:26:52.306 [initandlisten] allocator: tcmalloc
Tue Feb 26 13:26:52.306 [initandlisten] options: { configsvr: true, dbpath: "./data/config/", sslCAFile: "../sslCA/cacert.pem", sslCRLFile: "crl.pem", sslOnNormalPorts: true, sslPEMKeyFile: "../sslCA/gregorFreeBSD.pem" }
Tue Feb 26 13:26:52.315 [initandlisten] journal dir=./data/config/journal
Tue Feb 26 13:26:52.315 [initandlisten] recover : no journal files present, no recovery needed
Tue Feb 26 13:26:52.511 [initandlisten] ssl imported 1 revoked certificate from the revocation list.
Tue Feb 26 13:26:52.513 [initandlisten] waiting for connections on port 27019 ssl
Tue Feb 26 13:26:52.513 [websvr] ssl imported 1 revoked certificate from the revocation list.
Tue Feb 26 13:26:52.513 [websvr] admin web console waiting for connections on port 28019 ssl
Tue Feb 26 13:26:55.516 [initandlisten] connection accepted from 10.36.133.56:42906 #1 (1 connection now open)
Tue Feb 26 13:26:55.523 [conn1] ERROR: SSL peer certificate validation failed:unable to get certificate CRL
Tue Feb 26 13:26:55.523 [conn1] SocketException handling request, closing client connection: 9001 socket exception [6] 

      ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc0$ ./bin/mongos --configdb ip-10-36-133-56 --sslOnNormalPorts --sslPEMKeyFile ../sslCA/revoked_gregor.pem 
Tue Feb 26 13:26:55.512 warning: running with 1 config server should be done only for testing purposes and is not recommended for production
Tue Feb 26 13:26:55.513 [mongosMain] MongoS version 2.4.0-rc0 starting: pid=14388 port=27017 64-bit host=ip-10-36-133-56 (--help for usage)
Tue Feb 26 13:26:55.513 [mongosMain] git version: 09967e98e5d6280305d85553cdb2dd12e2e1e149 modules: subscription
Tue Feb 26 13:26:55.513 [mongosMain] build info: Linux bs-e-ubuntu1104 2.6.38-13-virtual #57-Ubuntu SMP Mon Mar 5 21:16:08 UTC 2012 x86_64 BOOST_LIB_VERSION=1_49
Tue Feb 26 13:26:55.513 [mongosMain] options: { configdb: "ip-10-36-133-56", sslOnNormalPorts: true, sslPEMKeyFile: "../sslCA/revoked_gregor.pem" }

        1. cacert.pem
          1.0 kB
        2. gregorFreeBSD.pem
          4 kB

            Assignee:
            gregor Gregor Macadam
            Reporter:
            gregor Gregor Macadam
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: