[DOCS-13656] [Server] Doc for CA file creation might be wrong
Created: 18/May/20  Updated: 30/Oct/23  Resolved: 28/Mar/23

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Task
Priority: Major - P3
Reporter: Huan Li
Assignee: Unassigned
Resolution: Duplicate
Votes: 0
Labels: ssl
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Participants:
Days since reply: 45 weeks, 1 day ago

 Description   

I was testing the server with TLS/SSL enabled following the guide here:
https://docs.mongodb.com/manual/appendix/security/appendixA-openssl-ca/
But I am getting the error message "SSL peer certificate validation failed: certificate signature failure" on Linux machines, while macOS and Windows machines all work fine.

After some research and especially this blog here
https://nonspecific.org/error-7-at-0-depth-lookupcertificate-signature-failure/
I realized it might be caused by the ordering in the ca-bundle file. 

In the MongoDB document above it states:

cat mongodb-test-ca.crt mongodb-test-ia.crt  > test-ca.pem 

But many sources, including this one https://cleantalk.org/help/ssl-ca-bundle , show that the intermediate certificate should precede the root certificate. After making the change, the problem is gone on Linux machines.

Please investigate. Thanks.
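
An added example, not part of the original ticket or the MongoDB documentation: a POSIX shell helper that lists the certificates in a PEM bundle in file order and reports whether the self-signed root comes first or last, which is the property the description above is about. The function names and the throwaway "Constructed Test" CA are assumptions made for illustration; the openssl CLI must be installed.

```shell
#!/bin/sh
# Added example: inspect the certificate order inside a PEM CA bundle.

# Print one line per certificate, in file order: "<n> <root|non-root> <subject>".
# A certificate whose subject equals its issuer is treated as a self-signed root.
bundle_order() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -noout |
    awk '/^subject=/ { subj = substr($0, 9) }
         /^issuer=/  { n++; iss = substr($0, 8)
                       print n, (subj == iss ? "root" : "non-root"), subj }'
}

# Classify the bundle by where the self-signed root sits.
bundle_layout() {
    bundle_order "$1" | awk '
        { kind[NR] = $2 }
        END { if (NR > 1 && kind[1] == "root") print "root-first"
              else if (NR > 1 && kind[NR] == "root") print "root-last"
              else print "unclassified" }'
}

# Build a constructed root and intermediate in directory $1 (sample input only;
# 1-day validity, unencrypted keys, never use these outside a test).
make_demo_ca() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test Root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Test Intermediate" \
        -keyout "$d/ia.key" -out "$d/ia.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/ia.csr" \
        -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
        -out "$d/ia.crt" 2>/dev/null
}

# When called with a bundle path, report its order and layout.
if [ $# -gt 0 ]; then
    bundle_order "$1"
    bundle_layout "$1"
fi
```

Assuming mongodb-test-ca.crt is the self-signed root, running this on the test-ca.pem built by the `cat` command quoted above would report `root-first`, and on the reordered bundle `root-last`.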

 Comments   
Comment by Ashley Brown [ 28/Mar/23 ]

Closed in favor of DOCSP-23133.

Comment by Huan Li [ 18/Aug/22 ]

Hi sarah.olson@mongodb.com, I haven't followed this ticket for a while and am not sure if it's already fixed in the current version. And I don't think it needs a higher priority; changing this to an investigation ticket makes sense. Thanks!

Comment by Sarah Olson [ 17/Aug/22 ]

Hi huan.li@mongodb.com. Can you help me with priority for this ticket? I am going to revert to unassigned, and this ticket will live in our Server docs team backlog. Someone will pick it up as time allows. If you think it needs higher priority than this, please let me know and we'll get it assigned to someone accordingly.
