[CSHARP-2625] Can't connect to Amazon DocumentDB over SSL/TLS using MongoDB .NET Driver Created: 01/Jun/19  Updated: 27/Oct/23  Resolved: 03/Jun/19

Status: Closed
Project: C# Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Christopher Isidora Assignee: Unassigned
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

I'm unable to connect to Amazon DocumentDB over SSL/TLS using the .NET Driver. I get a "remote certificate is invalid" error when the connection options are: ssl=true&sslVerifyCertificate=true&replicaSet=rs0

It DOES work when I have sslVerifyCertificate=true in the connection string, but that is not acceptable for production.

We are using a Linux Docker image and .NET Core 2.2.

We import Amazon RDS Roots on startup successfully:

using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

X509Store rootTrustStore = new X509Store(StoreName.Root);
X509Store intermediateTrustStore = new X509Store(StoreName.CertificateAuthority);
rootTrustStore.Open(OpenFlags.ReadWrite);
intermediateTrustStore.Open(OpenFlags.ReadWrite);
try {
 // Load every certificate from the PKCS#7 bundle.
 X509Certificate2Collection certCollection = new X509Certificate2Collection();
 certCollection.Import(System.IO.Path.Combine(Environment.ContentRootPath, $"{MongoOptions.CertificatePath}.p7b"));
 // The root goes into the Root store, the remaining certificates into the intermediate store.
 var rootCert = certCollection.Cast<X509Certificate2>().First(c => c.Subject.Contains("Root CA"));
 rootTrustStore.Add(rootCert);
 certCollection.Remove(rootCert);
 intermediateTrustStore.AddRange(certCollection);
 Console.WriteLine("AWS RDS Root Certificate & Intermediates Imported");
 //Console.WriteLine($"PEM Location: {pemPath}");
} catch (Exception ex) {
 Console.WriteLine("Certificate import failed: " + ex.Message);
} finally {
 rootTrustStore.Close();
 intermediateTrustStore.Close();
}

And set the client settings with the above connection options:

var clientSettings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
var client = new MongoClient(clientSettings);

 Comments   
Comment by Jeffrey Yemin [ 03/Jun/19 ]

Thanks for following up.

Comment by Christopher Isidora [ 03/Jun/19 ]

This ticket can be closed. Issue solved by installing the certificates while building the Docker image.
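
The fix reported in the comment above, installing the certificates while building the Docker image, could look like the following shell helper on a Debian-based image. This is an added example, not the reporter's actual build step; the script name, the bundle file name and the target directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the ticket. File names and paths are assumptions.
# Hypothetical Dockerfile lines for a Debian-based image:
#   COPY rds-ca-bundle.pem install-ca.sh /tmp/
#   RUN . /tmp/install-ca.sh && install_ca_bundle /tmp/rds-ca-bundle.pem
# A PKCS#7 (.p7b) bundle has to be converted to PEM first, for example
# (add -inform DER for a binary file):
#   openssl pkcs7 -print_certs -in bundle.p7b -out rds-ca-bundle.pem

# Split a PEM bundle into one .crt file per certificate under dest_dir.
# Prints the number of certificates written; fails if the bundle has none.
split_pem_bundle() {
    bundle=$1
    dest_dir=$2
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    # Lines outside BEGIN/END markers (subject=, issuer=) are dropped.
    count=$(awk -v dir="$dest_dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/rds-ca-%02d.crt", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
        END                           { print n + 0 }
    ' "$bundle") || return 1
    [ "$count" -gt 0 ] || { echo "no certificates found in $bundle" >&2; return 1; }
    echo "$count"
}

# Copy the CAs into the directory update-ca-certificates scans and rebuild
# the system trust store. Fails the build if the tool is missing, so an image
# without the CA is never produced silently.
install_ca_bundle() {
    ca_dir=${2:-/usr/local/share/ca-certificates}
    command -v update-ca-certificates >/dev/null 2>&1 || {
        echo "update-ca-certificates not found (install ca-certificates)" >&2
        return 1
    }
    installed=$(split_pem_bundle "$1" "$ca_dir") || return 1
    update-ca-certificates >/dev/null || return 1
    echo "installed $installed CA certificate(s) from $1"
}
```

With the CA in the image's system trust store, the connection string can keep ssl=true&sslVerifyCertificate=true.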

Comment by Christopher Isidora [ 01/Jun/19 ]

Typo: It DOES work when I have sslVerifyCertificate=false in the connection string.

Generated at Wed Feb 07 21:43:04 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.