[SERVER-34631] Upgrade error from 3.7.3 to 3.7.5 Created: 24/Apr/18 Updated: 29/Oct/23 Resolved: 04/May/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.0.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Juergen Zimmermann | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Windows 10 Ultimate |
||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Sprint: | Platforms 2018-05-07 | ||||||||
| Participants: | |||||||||
| Description |
|
I tried to upgrade MongoDB from 3.7.3 to 3.7.5 on Windows 10 Ultimate. Since libeay32.dll and ssleay32.dll are not provided in the new ZIP file, I copied them from the 3.7.3 distribution ZIP. I used the same config and also the same PEM file as before. However, I'm getting the following error message in the logfile: 2018-04-24T08:17:13.302+0200 F CONTROL [main] Failed global initialization: InvalidSSLConfiguration: Expected to find 'RSA PRIVATE KEY' in PEM file, found 'PRIVATE KEY' instead. |
| Comments |
| Comment by Githook User [ 04/May/18 ] | ||||||||||||||
|
Author: {'email': 'mark.benvenuto@mongodb.com', 'name': 'Mark Benvenuto', 'username': 'markbenvenuto'}Message: | ||||||||||||||
| Comment by Juergen Zimmermann [ 25/Apr/18 ] | ||||||||||||||
|
Thank you. A certificate without emailAddress works fine. | ||||||||||||||
| Comment by Mark Benvenuto [ 24/Apr/18 ] | ||||||||||||||
|
That OID maps to "emailAddress". We will need to make a fix to handle email address. If you can regenerate the certificate, you should only use the following components.
| ||||||||||||||
| Comment by Juergen Zimmermann [ 24/Apr/18 ] | ||||||||||||||
|
Thank you for your immediate response! After converting the key file with OpenSSL and rearranging the pem file I get this error (it's a self-signed cert): 2018-04-24T16:35:13.837+0200 F CONTROL [main] Failed global initialization: InvalidSSLConfiguration: Unknown OID: 1.2.840.113549.1.9.1 | ||||||||||||||
| Comment by Mark Benvenuto [ 24/Apr/18 ] | ||||||||||||||
|
As part of the work to switch from OpenSSL to Windows SChannel in 3.7, we did not add support for PRIVATE KEY PEM files since we did not encounter them in our local testing, and since they can be easily converted to RSA PRIVATE KEY PEM files. To convert the key format from PRIVATE KEY (i.e. PKCS#8 PrivateKeyInfo) to RSA PRIVATE KEY (i.e. PKCS#1 RSAPrivateKey), you will need the openssl.exe command line utility which is available from www.openssl.org. Run You will need to make a new PEM file from the converted key and your original certificate with the following content
If you have the certificate in the Windows Certificate store, you can use Certificate Selectors described in |