Description
I was testing the server with TLS/SSL enabled following the guide here:
https://docs.mongodb.com/manual/appendix/security/appendixA-openssl-ca/
But I am getting error message of "SSL peer certificate validation failed: certificate signature failure" on Linux machines, while MacOs and windows machine all work fine.
After some research and especially this blog here
https://nonspecific.org/error-7-at-0-depth-lookupcertificate-signature-failure/
I realized it might be caused by the ordering in the ca-bundle file.
In the mongodb document above it states:
cat mongodb-test-ca.crt mongodb-test-ia.crt > test-ca.pem
|
But in many sources including this one https://cleantalk.org/help/ssl-ca-bundle , it shows intermediate certificate should precede root certificate. After change made, the problem is gone on Linux machines.
Please investigate. Thanks.
Scope of changes
Impact to Other Docs
MVP (Work and Date)
Resources (Scope or Design Docs, Invision, etc.)
|