[JAVA-1396] Java driver example with SSL glosses over required truststore steps Created: 02/Apr/14  Updated: 16/May/20  Resolved: 28/Oct/15

Status: Closed
Project: Java Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 3.0.0

Type: Improvement Priority: Major - P3
Reporter: John Morales Assignee: Jeffrey Yemin
Resolution: Done Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

http://docs.mongodb.org/manual/tutorial/configure-ssl/#java


Issue Links:
Related

 Description   

If one were to take the Java example provided and run it, you'll be greeted by a ~100 line-long exception chain at runtime.

Relevant snippet:

...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...

Essentially the example glosses over the required steps to import and use a custom Java trustStore (and potentially the trustStore password) that contains the MongoDB server certificate. These steps are approximately discussed in this mongodb-user comment. (Although I believe the keystore usage may have been unnecessary - I'm not certain myself.)

(Note: it is possible that this example could work as is, but only in the case where the user starts their MongoDB node using a certificate that's been signed by a trusted 3rd party, e.g., Verisign, which are already bundled within the default JRE. However I suspect this usage would be exceedingly rare in practice.)



 Comments   
Comment by Jeffrey Yemin [ 28/Oct/15 ]

New documentation for SSL has been available since the 3.0 driver shipped: http://mongodb.github.io/mongo-java-driver/3.1/driver-async/reference/connecting/ssl/

Comment by Sam Kleinman (Inactive) [ 03/Apr/14 ]

Jeff,

Could you take a look at this and see what kind of changes we want to recommend?

I'm tempted to remove all examples of connecting with drivers from this page, and link out to relevant sections in the driver documentation: the examples are contrived and probably not useful in practice, it's not consistent with our approach for other topics and quite difficult for us to maintain.

Cheers,
sam

Generated at Thu Feb 08 08:54:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.