[DOCS-1799] mongod --sslPEMKeyPassword required even if there's no password Created: 09/Aug/13  Updated: 11/Jan/17  Resolved: 14/Aug/13

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 01112017-cleanup

Type: Bug Priority: Minor - P4
Reporter: Paul Rubin Assignee: Kay Kim (Inactive)
Resolution: Cannot Reproduce Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

linux


Participants:
Days since reply: 10 years, 27 weeks, 1 day ago

 Description   

This is from current github master. Making self-signed cert with -nodes option as suggested in http://docs.mongodb.org/manual/tutorial/configure-ssl/ creates a key file with no password. Trying to start mongod using the resulting pem file produces a diagnostic saying the --sslPEMKeyPassword option is required, and then the server dosn't start. Supplying --sslPEMKeyPassword "" (i.e. an empty string as password) suppresses the error.

"Doc change" option below is checked because the doc file should be updated to say how to deal with the password.



 Comments   
Comment by Paul Rubin [ 13/Aug/13 ]

OK, I think the report is invalid and I must have run the wrong mongod (i.e. 2.2.4) due to $PATH:

$ mongod --sslOnNormalPorts --sslPEMKeyFile ./mongodb.pem --port 11111
Tue Aug 13 13:11:45 need sslPEMKeyPassword
$ mongod --version
db version v2.2.4, pdfile version 4.5
Tue Aug 13 13:11:54 git version: nogitversion

With last night's build (2.5.2-pre) it works ok.

Sorry about that.

(Note: the 2.2.4 build is from the Fedora repo and appears to be configured with SSL).

Comment by Paul Rubin [ 13/Aug/13 ]

Unfortunately it looks to me like I trashed that certificate when I deleted the directory in order to rebuild from the git repo. I'll see if I can reproduce the error.

Comment by Daniel Pasette (Inactive) [ 13/Aug/13 ]

Hi Paul,
I spoke with the dev responsible for this feature and he confirms it's a bug if reproducible, but we have been unable. Can you provide the certificate in question?
Dan

Comment by Paul Rubin [ 12/Aug/13 ]

It's not a big deal but I filed it as a code bug because I think there should be a code fix in addition to a doc change. If there is no password you shouldn't need to pass the --sslPEMKeyPassword option.

Comment by Daniel Pasette (Inactive) [ 12/Aug/13 ]

thanks for the report. I moved this to the DOCS project.

Generated at Thu Feb 08 07:41:55 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.