Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-2158

mongodump failing on Windows with "error opening system CA store: Access is denied."

    XMLWordPrintable

    Details

    • Case:
    • Backport Requested:
      v4.0

      Description

      Running mongodump on Windows in NETWORK_SERVICE mode which restricts access to many local resources. Attempting to dump from an Atlas cluster which requires TLS. Getting error:

      mongodump exited with code 1: \r\n \r\n 2018-11-08T11:25:04.596+0000\tFailed: can't create session: error configuring the connector: openssl configuration: Error setting up system certificate authority: error opening system CA store: Access is denied.
      

      It appears that this issue has been fixed in the C driver (CDRIVER-1964) and also in the mongo/mongos/mongod code (SERVER-27592). The corresponding fix would appear to be required in the importCertStoreToX509_STORE method that is used by the tools, to wit changing line 57 from this:

       CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, (HCRYPTPROV)NULL, storeLocation, storeName);
      

      to this:

       CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, (HCRYPTPROV)NULL, storeLocation | CERT_STORE_READONLY_FLAG, storeName);
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              david.golden David Golden
              Reporter:
              spencer.brown Spencer Brown
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: