[SERVER-27832] Unable to get TLS connection to work with mongoS Created: 27/Jan/17 Updated: 02/Feb/17 Resolved: 02/Feb/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Admin, Security |
| Affects Version/s: | 3.0.2 |
| Fix Version/s: | None |
| Type: | Question | Priority: | Major - P3 |
| Reporter: | Mike Shaw | Assignee: | Mark Agarunov |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
| Participants: |
| Description |
|
Hello there, I'm trying to get Node JS application to connect to mongos but it fails when I set requireSSL on the mongos service I have used openSSL to create CA certificate, server certificate and client certificate and updated mongo.conf file on my MongoD server (Server=mzapp1)
On my MongoS server I have setup config file
On the NodeJS service also running on mzweb1 server, I am connecting using:
With this configuration I get error in MongoS log file when I try to connect using NodeJS
If I go to command prompt on mzweb1 and run mongo shell, then it connects fine using the following sytax, which seems to imply my MongoS setup is OK
However if I change the NodeJS application to point directly to the mongoD by changing host/port to mzapp1/27018 then it also connects fine, which seems to indicate the Client.PEM file is OK, so am confused why I am getting issues only when connecitng NodeJS to MongoS My workaround at the moment is to leave my NodeJS pointing at MongoS, but changing MongoS to "mode: preferSSL" but obviously would prefer to have everything setup for TLS (and understand better how MongoS is working!) Can any one advise ? Thanks |
| Comments |
| Comment by Mike Shaw [ 02/Feb/17 ] | ||||||||||||||||||||||||||||||||||||||||||||
|
You are right problem solved, sorry I missed such a basic setup issue. Thanks for the help. | ||||||||||||||||||||||||||||||||||||||||||||
| Comment by Mark Agarunov [ 01/Feb/17 ] | ||||||||||||||||||||||||||||||||||||||||||||
|
Hello mikeshaw, Thank you for providing these files. After looking over the logs and configuration, I think I may have spotted the issue. In the node.js configuration you've provided the SSL settings look to be correct, however the mongos object is empty. As referenced in the documentation (near the end of the page), when connecting to a mongos instance, the SSL configuration should go inside the mongos object. Currently you have the following configuration:
Instead, when connecting to a mongos instance, the configuration would look something like this:
Please note that SERVER project is for reporting bugs or feature suggestions for the MongoDB server. For MongoDB-related support discussion please post on the mongodb-user group or Stack Overflow with the mongodb tag. A question like this involving more discussion would be best posted on the mongodb-user group. Thanks, | ||||||||||||||||||||||||||||||||||||||||||||
| Comment by Mike Shaw [ 01/Feb/17 ] | ||||||||||||||||||||||||||||||||||||||||||||
|
Thanks for the response, have attached ZIP file with config and logs | ||||||||||||||||||||||||||||||||||||||||||||
| Comment by Mike Shaw [ 01/Feb/17 ] | ||||||||||||||||||||||||||||||||||||||||||||
|
Thanks for the response. Have attached config and log files. See README.txt in ZIP file | ||||||||||||||||||||||||||||||||||||||||||||
| Comment by Mark Agarunov [ 30/Jan/17 ] | ||||||||||||||||||||||||||||||||||||||||||||
|
Hello mikeshaw, Thank you for the report. Reading over your description and provided output, I suspect that the issue you are seeing may lie in the configuration. Please provide the following, if possible, so that we can get a better idea of the problem:
Thanks, |