Uploaded image for project: 'MongoDB ETL Tools'
  1. MongoDB ETL Tools
  2. TOOLS-2158

mongodump failing on Windows with "error opening system CA store: Access is denied."

    XMLWordPrintable

    Details

      Description

      Running mongodump on Windows in NETWORK_SERVICE mode which restricts access to many local resources. Attempting to dump from an Atlas cluster which requires TLS. Getting error:

      mongodump exited with code 1: \r\n \r\n 2018-11-08T11:25:04.596+0000\tFailed: can't create session: error configuring the connector: openssl configuration: Error setting up system certificate authority: error opening system CA store: Access is denied.
      

      It appears that this issue has been fixed in the C driver (CDRIVER-1964) and also in the mongo/mongos/mongod code (SERVER-27592). The corresponding fix would appear to be required in the importCertStoreToX509_STORE method that is used by the tools, to wit changing line 57 from this:

       CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, (HCRYPTPROV)NULL, storeLocation, storeName);
      

      to this:

       CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, (HCRYPTPROV)NULL, storeLocation | CERT_STORE_READONLY_FLAG, storeName);
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                david.golden David Golden
                Reporter:
                spencer.brown Spencer Brown
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: