[SERVER-28873] SSL peer certificate validation fails Created: 19/Apr/17 Updated: 27/Oct/23 Resolved: 12/Jun/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | 3.4.3 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Corbett Waddingham (Inactive) | Assignee: | Jonathan Reams |
| Resolution: | Gone away | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Windows 2012r2 |
||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Participants: | |||||||||
| Case: | (copied to CRM) | ||||||||
| Description |
|
A customer reported that they were receiving error messages when trying to connect to Atlas using SSL from a Windows 2012r2 client running Mongo shell version 3.4.3. Error message was: 2017-04-18T16:11:02.280-0700 E NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate The issue was fixed by manually adding the DigiCert intermediate certificate to their shell. As the problem was related to the certificate we use for Atlas it seems that the cert should already be loaded in the mongo shell. It appears that this may be a packaging problem for the Windows build of 3.4.3. |
| Comments |
| Comment by Jonathan Reams [ 12/Jun/17 ] |
|
I'm going to resolve this for now. This could be a bug that we should fix, or just an uncommon configuration problem that will always require a workaround. If this happens again, I'd be very curious to see whether the customer's certificate store was missing the root CA of our certificate. |