[SERVER-35370] network error while attempting to run command 'isMaster' on host mongo.example.com Created: 02/Jun/18 Updated: 27/Oct/23 Resolved: 13/Jun/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 3.6.3 |
| Fix Version/s: | None |
| Type: | Question | Priority: | Major - P3 |
| Reporter: | Ali | Assignee: | Nick Brewer |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Participants: | |||||||||
| Description |
|
I have enabled `SSL` on my `mongoDB` server. I have set `preferred` as I don't want to make SSL a requirement yet. I can connect to mongo shell easily by typing `mongo` in shell. The problem is that when I use `mongo --ssl --host mongo.example.com` command it gives the following error:
|
| Comments |
| Comment by Kelsey Schubert [ 08/May/19 ] | |
|
Hi dandv, Thanks for your feedback, and I'm sorry this error message wasn't very clear about the root cause of the issue. We're tracking work to improve this error message in Kind regards, | |
| Comment by Dan Dascalescu [ 08/May/19 ] | |
|
Another cryptic error. There's nothing about "Error: network error while attempting to run command 'isMaster'" that tells me there was a certificate problem. I had to Google that cryptic error to land on this Jira ticket. Does that sound like a good developer experience? The error was that I forgot to include the `–ssl` parameter in the `mongo` CLI. | |
| Comment by Nick Brewer [ 13/Jun/18 ] | |
|
Glad to hear you got it working. I'll go ahead and close this issue. Nick | |
| Comment by Ali [ 13/Jun/18 ] | |
|
The problem was that CN of the certificate didn't match the value of hostname in config file of `MongoDB`. Thank you for the time. | |
| Comment by Nick Brewer [ 11/Jun/18 ] | |
|
Hi Ali, Thanks for your report. Some things I'd like to confirm:
Regards, Nick | |
| Comment by Ali [ 02/Jun/18 ] | |
|
When I comment out the below config section in mongod.conf it works:
Now in mongo shell command I should not provide --sslCAFile /etc/ssl/ca.pem! When I remove it and just use mongo --ssl it works. Why CA file should be removed? Does it bear security concerns? | |
| Comment by Ali [ 02/Jun/18 ] | |
|
In mongoDB server logs it reports that:
|