  1. MongoDB Database Tools
  2. TOOLS-2996

Mongodump/mongorestore: “tls: private key does not match public key”

      Problem Statement/Rationale

      I have a secured sharded cluster. I am calling mongodump/mongorestore on a mongos instance. The program answers that the private key does not match the public key, which is false. I know it because I use the same keys to connect to MongoDB using the Node.js driver, mongosh, and Compass.

      Steps to Reproduce

      - This is my mongos.conf:

       

      # ***** mongos.conf for mongos node *****
      # for documentation of all options, see:
      #   http://docs.mongodb.org/manual/reference/configuration-options/
      # ***************************************
      # + db node name: "node-mongos-mongos1"
      # + creation date: "Sun 05 Dec 2021 08:26:48 AM UTC"
      # ***************************************
      
      # logging
      systemLog:
          destination: file
          logAppend: true
          path: /player22/db/nodes/node-mongos-mongos1/log/mongos.log
      
      # network interface
      net:
          port: 28000
          bindIpAll: true
      
      # how the process runs
      processManagement:
          timeZoneInfo: /usr/share/zoneinfo
      
      # authentication
      security:
          keyFile: /player22/db/shared/config/mongodb.key
      
      # sharding
      sharding:
          configDB: rscfgsvr1/linode1.player22.com:28001
      
      # profiling
      operationProfiling:
          # the slow operation time threshold, in milliseconds. Operations that run for longer than this threshold are considered slow.
          slowOpThresholdMs: 100
          # the fraction of slow operations that should be profiled or logged. operationProfiling.slowOpSampleRate accepts values between 0 and 1, inclusive.
          slowOpSampleRate: 1
      
      # ssl
      net:
         tls:
            mode: requireTLS
            certificateKeyFile: /player22/shared/ssl/cert-plus-key-decrypted.pem # ssl enabled between server nodes
            CAFile: /player22/shared/ssl/ca.pem # server also requires certificate from client
      
      - This is an example of a mongorestore command that produces the error about key mismatch:

      mongorestore --username="restoreUser" --password="<hidden>" --drop --preserveUUID --maintainInsertionOrder --stopOnError --uri="mongodb://linode1.player22.com:28000" --ssl --sslPEMKeyFile="/player22/shared/ssl/cert-plus-key-decrypted.pem" --sslCAFile="/player22/shared/ssl/ca.pem" --authenticationDatabase="admin" --gzip --archive="toto.gz" --verbose
      

       

      Expected Results

      Not this error, and a normal connection instead.

      Actual Results

      Error:  “tls: private key does not match public key”

      Additional Notes

      These are 2 links of reports of almost the same issue:

      link1

      link2

      The second link suggests it could be related to Let's Encrypt. I am using Let's Encrypt too.

      I am running MongoDB and tools on Debian 10.

      I have installed the latest version of everything.

      My keys are good because I am using them for other MongoDB clients and it works.

      I have also double-checked my keys using OpenSSL. As you can see, there is no mismatch between the public and the private key:

      root@localhost:~# openssl x509 -noout -modulus -in /player22/shared/ssl/cert.pem | openssl md5
      (stdin)= 460774f2783e7bf9d3eba3e20bfc40ce
      root@localhost:~# openssl rsa -noout -modulus -in /player22/shared/ssl/key-decrypted.pem | openssl md5
      (stdin)= 460774f2783e7bf9d3eba3e20bfc40ce
      root@localhost:~# openssl x509 -noout -modulus -in /player22/shared/ssl/cert-plus-key-decrypted.pem | openssl md5
      (stdin)= 460774f2783e7bf9d3eba3e20bfc40ce
      

      Assignee: tim.fogarty@mongodb.com Tim Fogarty
      Reporter: bonjourjoel@gmail.com Joel J
      Votes: 0
      Watchers: 3
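
Added example, not part of the original report and not MongoDB's code: the `openssl x509` commands in the report read only the first certificate in a file, so this Go program checks every certificate block of a combined cert-plus-key PEM against the key with `tls.X509KeyPair`, the standard-library function that returns the quoted error string. The bundle is generated at run time as constructed sample input, and `CertMatches`, `LoadAsFile` and `SampleBundle` are names chosen for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CertMatches reports, per CERTIFICATE block in file order, whether it pairs with the bundle's key.
func CertMatches(bundle []byte) (matches []bool) {
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		if b.Type != "CERTIFICATE" {
			continue
		}
		_, err := tls.X509KeyPair(pem.EncodeToMemory(b), bundle) // key is picked out of the bundle
		matches = append(matches, err == nil)
	}
	return matches
}

// LoadAsFile loads the whole bundle as both cert and key input; the first certificate is the leaf.
func LoadAsFile(bundle []byte) error {
	_, err := tls.X509KeyPair(bundle, bundle)
	return err
}

// SampleBundle (constructed): a certificate for an unrelated key, the certificate for k, then k.
func SampleBundle() (out []byte) {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	other, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	for _, s := range []*ecdsa.PrivateKey{other, k} {
		t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
		der, _ := x509.CreateCertificate(rand.Reader, t, t, &s.PublicKey, s)
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
	}
	der, _ := x509.MarshalPKCS8PrivateKey(k)
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})...)
}

func main() {
	b := SampleBundle()
	fmt.Println(CertMatches(b), LoadAsFile(b))
}
```

For a real file, pass the bytes of the combined PEM (for example from `os.ReadFile`) to `CertMatches` and `LoadAsFile` instead of the sample bundle.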