[SERVER-35153] TLS/SSL configuration without CA Created: 22/May/18  Updated: 23/Jun/18  Resolved: 23/Jun/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.6.5
Fix Version/s: None

Type: Question Priority: Trivial - P5
Reporter: Serkan Sahin Assignee: Matt Broadstone
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

 Description   

Hello,

I bootstrapped a Mongo 3.6 server on CentOS 7 and I'd like to use encryption in order to secure the communications between the server and my Node.js clients.

My server and the clients are all behind the same VPC, and I want to make it very simple. I've followed the documentation about the encryption (see: https://docs.mongodb.com/manual/tutorial/configure-ssl/), and I'm using the settings below in my /etc/mongod.conf:

# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
  dbPath: /opt/mongo
  journal:
    enabled: true
# engine:
# mmapv1:
# wiredTiger:
# how the process runs
processManagement:
  fork: true # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
    allowInvalidHostnames: true
    allowInvalidCertificates: true
    allowConnectionsWithoutCertificates: true
# bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces.
security:
  authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:

Well, the server starts correctly and I can log in to it using a GUI client (Studio 3T), but my apps cannot. They get an "SSLHandshake failed" error. I use this connection string URI:

mongodb://username:password@host:27017/database?ssl=true&authSource=admin&ssl_ca_certs=/etc/ssl/certs/ca-bundle.crt

If you could give me some hints it would be great, thank you!


 Comments   
Comment by Matt Broadstone [ 23/Jun/18 ]

ian.whalen Yes, I've provided all the info that should be necessary to resolve this issue. Looks like it has "Gone Away"

Comment by Matt Broadstone [ 04/Jun/18 ]

Hi serkan.sahin@bearingpoint.com,

The node driver is configured differently for ssl. You can read more about this here, but specifically you will want to read the CRT file into memory and pass it in via the MongoClient constructor. Please let us know if you need additional help!
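
Added example (not part of the ticket thread and not MongoDB's own code): one way to apply the advice above, moving the CA path out of the connection string and passing the file contents to the client as options. It assumes the 3.x Node.js driver option names `ssl`, `sslValidate` and `sslCA`; `buildClientConfig` and `connect` are hypothetical helper names.

```javascript
const fs = require('fs');

// Query keys that carry a CA file path but are not read by the Node.js driver.
// ssl_ca_certs is the key used in the connection string from this ticket.
const CA_PATH_KEYS = ['ssl_ca_certs'];

// Split a connection string into a cleaned URI plus driver options, loading
// the CA bundle into memory. readFile is injectable so this can be tested.
function buildClientConfig(uri, readFile = fs.readFileSync) {
  const [base, query = ''] = uri.split('?');
  const params = new URLSearchParams(query);
  const options = {};

  for (const key of CA_PATH_KEYS) {
    const caPath = params.get(key);
    if (caPath === null) continue;

    const pem = readFile(caPath);
    // Fail early with a clear message instead of an opaque handshake error.
    if (!pem.includes('-----BEGIN CERTIFICATE-----')) {
      throw new Error(`${caPath} does not contain a PEM certificate`);
    }
    options.ssl = true;
    options.sslValidate = true; // verify the server certificate against sslCA
    options.sslCA = [pem];      // certificate contents, not a file path
    params.delete(key);
  }

  const rest = params.toString();
  return { uri: rest ? `${base}?${rest}` : base, options };
}

// Assumes the "mongodb" package (3.x) is installed; loaded lazily so the
// helper above can be exercised without it.
async function connect(uri) {
  const { MongoClient } = require('mongodb');
  const cfg = buildClientConfig(uri);
  return MongoClient.connect(cfg.uri, cfg.options);
}
```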
