[JAVA-2279] Java driver and SSL certificate chains Created: 12/Aug/16  Updated: 11/Sep/19  Resolved: 03/Oct/16

Status: Closed
Project: Java Driver
Component/s: Configuration
Affects Version/s: 3.0.2
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: Dharshan Rangegowda
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

I have a public SSL certificate issued by GoDaddy and I am trying to validate the certificate in the Java driver.

In previous versions of MongoDB I have used the following .pem file for the server SSL pem file.

<Private key>
<Public key>
<Public key Chain 1>
<Public key Chain 2>
<Public key Chain 3>

However this doesn't seem to work anymore. Should the .pem only contain the private and public keys and the chain certs should be specified in the CA file provided to the driver?

The documentation wasn't clear on this - so it will be good to clarify on this.



 Comments   
Comment by Jeffrey Yemin [ 03/Oct/16 ]

Hi Dharshan,

The Java driver delegates SSL entirely to the JVM. If you configure the driver with either ssl=true on the connection string or with the sslEnabled property of MongoClientOptions, then the driver creates SSLSocket instances via SSLSocketFactory.getDefault(), which in turn uses the standard JVM system properties for specifying the trust store. See the driver's reference documentation for details.

Alternatively, you can configure an SSLSocketFactory in the application by setting the socketFactory property of MongoClientOptions. See JAVA-2229 for a known related issue that will be fixed in the next release.
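
The two trust paths named in the comment above, as an added example using only JDK classes (not part of the original ticket and not the driver's own code): `defaultAnchors()` lists what `SSLSocketFactory.getDefault()` trusts, and `fromCaBundle()` builds a factory for the `socketFactory` property. The class name, method names and the bundle path are assumptions; the bundle is assumed to hold only CA certificates in PEM form, with no private key.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DriverTrustExample {
    // Trust anchors behind SSLSocketFactory.getDefault(): the store named by
    // -Djavax.net.ssl.trustStore, or the JVM's jssecacerts/cacerts when unset.
    static X509Certificate[] defaultAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return ((X509TrustManager) tm).getAcceptedIssuers();
        }
        return new X509Certificate[0];
    }

    // Factory that trusts only the CA certificates in a PEM bundle (hypothetical path).
    static SSLSocketFactory fromCaBundle(String pemPath) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null); // empty in-memory store
        try (InputStream in = new FileInputStream(pemPath)) {
            Collection<? extends Certificate> cas = CertificateFactory.getInstance("X.509").generateCertificates(in);
            if (cas.isEmpty()) throw new IllegalArgumentException("no certificates in " + pemPath);
            int i = 0;
            for (Certificate ca : cas) store.setCertificateEntry("ca-" + i++, ca);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default trust anchors: " + defaultAnchors().length);
        if (args.length == 1) {
            SSLSocketFactory factory = fromCaBundle(args[0]);
            // Driver wiring (3.x): MongoClientOptions.builder().sslEnabled(true).socketFactory(factory).build()
            System.out.println("custom factory ready: " + factory.getClass().getName());
        }
    }
}
```

Run without arguments to see how many anchors the JVM default store provides; pass a CA bundle path to build the custom factory instead of relying on `-Djavax.net.ssl.trustStore`.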

Comment by Dharshan Rangegowda [ 23/Aug/16 ]

Hi Ross,

In the comment above I'm referring to how the Java driver is validating the cert chain - I would like to understand if there are any requirements around how the cert chain is stored in the server side mongod.pem for the driver to validate - or is the Java driver expecting the cert chain to come from other cert stores (e.g. cacerts in JVM).

Comment by Ross Lawley [ 22/Aug/16 ]

Hi dharshanr@scalegrid.net,

Thanks for the ticket, I'm unclear if you are referring to the MongoD configuration no longer working or your code?

Just to let you know this project is for Java driver bugs or feature requests. The best place for questions regarding MongoDB usage or the Java driver specifics is the mongodb-user mailing list or Stack Overflow as you will reach a broader audience there. If your business requires an answer from MongoDB within a time frame then we do offer production support.

If you do follow up via one of the options above please post a link and I will follow the conversation there.

All the best,

Ross

Generated at Thu Feb 08 08:56:48 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.