[DOCS-1799] mongod --sslPEMKeyPassword required even if there's no password Created: 09/Aug/13 Updated: 11/Jan/17 Resolved: 14/Aug/13 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 01112017-cleanup |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Paul Rubin | Assignee: | Kay Kim (Inactive) |
| Resolution: | Cannot Reproduce | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
linux |
||
| Participants: | |
| Days since reply: | 10 years, 27 weeks, 1 day ago |
| Description |
|
This is from current github master. Making self-signed cert with -nodes option as suggested in http://docs.mongodb.org/manual/tutorial/configure-ssl/ creates a key file with no password. Trying to start mongod using the resulting pem file produces a diagnostic saying the --sslPEMKeyPassword option is required, and then the server dosn't start. Supplying --sslPEMKeyPassword "" (i.e. an empty string as password) suppresses the error. "Doc change" option below is checked because the doc file should be updated to say how to deal with the password. |
| Comments |
| Comment by Paul Rubin [ 13/Aug/13 ] |
|
OK, I think the report is invalid and I must have run the wrong mongod (i.e. 2.2.4) due to $PATH: $ mongod --sslOnNormalPorts --sslPEMKeyFile ./mongodb.pem --port 11111 With last night's build (2.5.2-pre) it works ok. Sorry about that. (Note: the 2.2.4 build is from the Fedora repo and appears to be configured with SSL). |
| Comment by Paul Rubin [ 13/Aug/13 ] |
|
Unfortunately it looks to me like I trashed that certificate when I deleted the directory in order to rebuild from the git repo. I'll see if I can reproduce the error. |
| Comment by Daniel Pasette (Inactive) [ 13/Aug/13 ] |
|
Hi Paul, |
| Comment by Paul Rubin [ 12/Aug/13 ] |
|
It's not a big deal but I filed it as a code bug because I think there should be a code fix in addition to a doc change. If there is no password you shouldn't need to pass the --sslPEMKeyPassword option. |
| Comment by Daniel Pasette (Inactive) [ 12/Aug/13 ] |
|
thanks for the report. I moved this to the DOCS project. |