[SERVER-28873] SSL peer certificate validation fails Created: 19/Apr/17  Updated: 27/Oct/23  Resolved: 12/Jun/17

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: 3.4.3
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Corbett Waddingham (Inactive) Assignee: Jonathan Reams
Resolution: Gone away Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows 2012r2


Issue Links:
Related
is related to SERVER-23044 Fall back to system CA certs in the s... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:
Case:

 Description   

A customer reported that they were receiving error messages when trying to connect to Atlas using SSL from a Windows 2012r2 client running Mongo shell version 3.4.3. Error message was:

2017-04-18T16:11:02.280-0700 E NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate

The issue was fixed by manually adding the DigiCert intermediate certificate to their shell. As the problem was related to the certificate we use for Atlas it seems that the cert should already be loaded in the mongo shell. It appears that this may be a packaging problem for the Windows build of 3.4.3.



 Comments   
Comment by Jonathan Reams [ 12/Jun/17 ]

I'm going to resolve this for now. This could be a bug that we should fix, or just an uncommon configuration problem that will always require a workaround. If this happens again, I'd be very curious to see whether the customer's certificate store was missing the root CA of our certificate.

Generated at Thu Feb 08 04:19:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.