Details
- Type: Investigation
- Status: Closed
- Priority: Blocker - P1
- Resolution: Duplicate
- Affects Version: 100.5.1
- Fix Version: None
- Environment: Debian 10, standard
Description
Problem Statement/Rationale
I have a secured sharded cluster. I am calling mongodump/mongorestore on a mongos instance. The program answers that the private key does not match the public key, which is false. I know it because I use the same keys to connect to MongoDB using the Node.js driver, mongosh, and Compass.
Steps to Reproduce
- This is my mongos.conf:

# ***** mongos.conf for mongos node *****
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# ***************************************

# + db node name: "node-mongos-mongos1"
# + creation date: "Sun 05 Dec 2021 08:26:48 AM UTC"
# ***************************************

# logging
systemLog:
  destination: file
  logAppend: true
  path: /player22/db/nodes/node-mongos-mongos1/log/mongos.log

# network interface
net:
  port: 28000
  bindIpAll: true

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

# authentication
security:
  keyFile: /player22/db/shared/config/mongodb.key

# sharding
sharding:
  configDB: rscfgsvr1/linode1.player22.com:28001

# profiling
operationProfiling:
  # the slow operation time threshold, in milliseconds. Operations that run for longer than this threshold are considered slow.
  slowOpThresholdMs: 100
  # the fraction of slow operations that should be profiled or logged. operationProfiling.slowOpSampleRate accepts values between 0 and 1, inclusive.
  slowOpSampleRate: 1

# ssl
net:
  tls:
    mode: requireTLS
    certificateKeyFile: /player22/shared/ssl/cert-plus-key-decrypted.pem # ssl enabled between server nodes
    CAFile: /player22/shared/ssl/ca.pem # server also requires certificate from client
- This is an example of a mongorestore command that produces the error about the key mismatch:

mongorestore --username="restoreUser" --password="<hidden>" --drop --preserveUUID --maintainInsertionOrder --stopOnError --uri="mongodb://linode1.player22.com:28000" --ssl --sslPEMKeyFile="/player22/shared/ssl/cert-plus-key-decrypted.pem" --sslCAFile="/player22/shared/ssl/ca.pem" --authenticationDatabase="admin" --gzip --archive="toto.gz" --verbose
Expected Results
Not this error, and a normal connection instead.
Actual Results
Error: “tls: private key does not match public key”
Additional Notes
These are two links to reports of almost the same issue:
The second link suggests it could be related to letsencrypt. I am using letsencrypt too.
I am running MongoDB and the tools on Debian 10.
I have installed the latest version of everything.
My keys are good because I am using them for other mongodb clients and it works.
I have also double-checked my keys using openssl. As you can see, there is no mismatch between the public and the private key:

root@localhost:~# openssl x509 -noout -modulus -in /player22/shared/ssl/cert.pem | openssl md5
(stdin)= 460774f2783e7bf9d3eba3e20bfc40ce

root@localhost:~# openssl rsa -noout -modulus -in /player22/shared/ssl/key-decrypted.pem | openssl md5
(stdin)= 460774f2783e7bf9d3eba3e20bfc40ce

root@localhost:~# openssl x509 -noout -modulus -in /player22/shared/ssl/cert-plus-key-decrypted.pem | openssl md5
(stdin)= 460774f2783e7bf9d3eba3e20bfc40ce
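The error string quoted under Actual Results is the one Go's crypto/tls returns from tls.X509KeyPair when the first CERTIFICATE block in a file does not belong to the key, and `openssl x509 -in` likewise reads only the first certificate in a file, so the modulus check above says nothing about a cert-plus-key file that also carries a chain. The Go program below is an added example, not code from this ticket or from the MongoDB tools: it builds a constructed issuer+leaf+key file and checks every certificate block against the key, reporting which block actually matches.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// matchingCertIndex checks each CERTIFICATE block of a combined PEM file against the PRIVATE KEY
// block in the same file and returns the index of the first match, or -1. tls.X509KeyPair on the
// whole file (how a Go TLS client loads a cert-plus-key file) only compares the key with block 0.
func matchingCertIndex(bundle []byte) int {
	var certs [][]byte
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type == "CERTIFICATE" {
			certs = append(certs, pem.EncodeToMemory(block))
		}
	}
	for i, c := range certs {
		if _, err := tls.X509KeyPair(c, bundle); err == nil { // X509KeyPair locates the key block in bundle
			return i
		}
	}
	return -1
}
// selfSigned returns a constructed self-signed certificate and its PKCS#8 key, both PEM-encoded.
func selfSigned(cn string) (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	kder, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder})
}
// chainFirstBundle is a constructed file laid out issuer, leaf, key, so the leaf is not block 0.
func chainFirstBundle() []byte {
	issuer, _ := selfSigned("constructed issuer")
	leaf, key := selfSigned("constructed leaf")
	return append(append(issuer, leaf...), key...)
}
func main() {
	b := chainFirstBundle()
	_, err := tls.X509KeyPair(b, b) // whole file: leaf taken from block 0, so the key does not match it
	fmt.Println("whole file:", err, "| block matching the key:", matchingCertIndex(b))
}
```

Run against a real combined PEM (read the file into `bundle`), a result other than 0 means a Go client that takes block 0 as the leaf will report the mismatch even though the key and certificate are a genuine pair.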
Issue Links
- duplicates: TOOLS-2598 correct behavior for multi-certs inside client certificate file (In Progress)