[JAVA-1396] Java driver example with SSL glosses over required truststore steps Created: 02/Apr/14 Updated: 16/May/20 Resolved: 28/Oct/15 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 3.0.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | John Morales | Assignee: | Jeffrey Yemin |
| Resolution: | Done | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: | |||
| Issue Links: |
|
||||
| Description |
|
If one were to take the Java example provided and run it, you'll be greeted by a ~100 line-long exception chain at runtime. Relevant snippet:
Essentially the example glosses over the required steps to import and use a custom Java trustStore (and potentially the trustStore password) that contains the MongoDB server certificate. These steps are approximately discussed in this mongodb-user comment. (Although I believe the keystore usage may have been unnecessary - I'm not certain myself.) (Note: it is possible that this example could work as is, but only in the case where the user starts their MongoDB node using a certificate that's been signed by a trusted 3rd party, e.g., Verisign, which are already bundled within the default JRE. However I suspect this usage would be exceedingly rare in practice.) |
| Comments |
| Comment by Jeffrey Yemin [ 28/Oct/15 ] |
|
New documentation for SSL has been available since the 3.0 driver shipped: http://mongodb.github.io/mongo-java-driver/3.1/driver-async/reference/connecting/ssl/ |
| Comment by Sam Kleinman (Inactive) [ 03/Apr/14 ] |
|
Jeff, Could you take a look at this and see what kind of changes we want to recommend? I'm tempted to remove all examples of connecting with drivers from this page, and link out to relevant sections in the driver documentation: the examples are contrived and probably not useful in practice, it's not consistent with our approach for other topics and quite difficult for us to maintain. Cheers, |