[JAVA-2279] Java driver and SSL certificate chains Created: 12/Aug/16 Updated: 11/Sep/19 Resolved: 03/Oct/16 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Configuration |
| Affects Version/s: | 3.0.2 |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Dharshan Rangegowda | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
I have a public SSL certificate issued by GoDaddy and I am trying to validate the certificate in the Java driver. In previous versions of MongoDB I have used the following .pem file for the server SSL pem file. <Private key> However this doesn't seem to work anymore. Should the .pem only contain the private and public keys and the chain certs should be specified in the CA file provided to the driver? The documentation wasn't clear on this - so it will be good to clarify on this. |
| Comments |
| Comment by Jeffrey Yemin [ 03/Oct/16 ] |
|
Hi Dharshan, The Java driver delegates SSL entirely to the JVM. If you configure the driver with either ssl=true on the connection string or with the sslEnabled property of MongoClientOptions, then the driver creates SSLSocket instances via SSLSocketFactory.getDefault(), which in turn uses the standard JVM system properties for specifying the trust store. See the driver's reference documentation for details. Alternatively you can configure an SSLSocketFactory in the application by setting the socketFactory property of MongoClientOptions. See |
| Comment by Dharshan Rangegowda [ 23/Aug/16 ] |
|
Hi Ross, In the comment above I'm referring to how the Java driver is validating the cert chain - I would like to understand if there are any requirements around how the cert chain is stored in the server side mongod.pem for the driver to validate - or is the Java driver expecting the cert chain to come from other cert stores (e.g. cacerts in the JVM). |
| Comment by Ross Lawley [ 22/Aug/16 ] |
|
Thanks for the ticket, I'm unclear if you are referring to the MongoD configuration no longer working or your code? Just to let you know this project is for Java driver bugs or feature requests. The best place for questions regarding MongoDB usage or the Java driver specifics is the mongodb-user mailing list or Stack Overflow as you will reach a broader audience there. If your business requires an answer from MongoDB within a time frame then we do offer production support. If you do follow up via one of the options above please post a link and I will follow the conversation there. All the best, Ross |
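
The socketFactory approach from Jeffrey Yemin's comment, as an added example that is not part of the ticket or the driver's documentation. It builds an SSLContext that trusts only the CA certificates in a PEM bundle and hands its socket factory to MongoClientOptions; the bundle path and host name are placeholders, and the 3.x driver API is assumed.

```java
import com.mongodb.MongoClient;
import com.mongodb.MongoClientOptions;
import com.mongodb.ServerAddress;
import org.bson.Document;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class MongoTlsTrustExample {

    // Trust only the CA certificates in the PEM bundle, not the JVM's default cacerts.
    static SSLContext contextTrusting(String caBundlePath) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(caBundlePath)) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                // Print each anchor so a chain-validation failure can be compared against it.
                System.out.println("trusting: " + ((X509Certificate) c).getSubjectX500Principal());
                trustStore.setCertificateEntry("ca-" + i++, c);
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path: a bundle with the issuing root (and any intermediates
        // the server does not send itself during the handshake).
        SSLContext ctx = contextTrusting("/path/to/ca-bundle.pem");
        MongoClientOptions options = MongoClientOptions.builder()
                .sslEnabled(true)
                .socketFactory(ctx.getSocketFactory())
                .build();
        // Placeholder host; it must match a name in the server certificate.
        MongoClient client = new MongoClient(new ServerAddress("db.example.com", 27017), options);
        client.getDatabase("admin").runCommand(new Document("ping", 1)); // forces the TLS handshake
        client.close();
    }
}
```

With only ssl=true and no socketFactory, the same trust decision is driven by the JVM's javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties instead.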