[SERVER-51216] SSL peer certificate validation failed: self signed certificate in certificate chain
Created: 24/Sep/20  Updated: 06/Dec/22  Resolved: 02/Oct/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Ravi Kumar Assignee: Backlog - Triage Team
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Triage
Participants:

 Description   

---- x509 certs creation steps for the server
openssl genrsa -out mongoCA.key -aes256 2048
dn_prefix="/C=US/ST=MO/L=Monett/O=JHA/OU=EPLOG_MGDB_REPL_QADEV/CN=MONGODBREPLCA"
openssl req -new -x509 -days 3650 -key mongoCA.key -out mongoCA.crt -subj "$dn_prefix"
SUBJECT="/C=US/ST=MO/L=Monett/O=JHA/OU=EPLOG_MGDB_REPL_QADEV/CN=10.228.72.177"
openssl req -new -nodes -newkey rsa:4096 -subj "$SUBJECT" -keyout azapppmgcdb01t.key -out azapppmgcdb01t.csr
openssl x509 -CA mongoCA.crt -CAkey mongoCA.key -CAcreateserial -req -days 36500 -in azapppmgcdb01t.csr -out azapppmgcdb01t.crt
cat azapppmgcdb01t.crt azapppmgcdb01t.key > azapppmgcdb01t.pem

vi /mg_data/mdb-4.2/test/conf/mongod.conf

net:
  tls:
    mode: preferTLS
    certificateKeyFile: /mg_data/mdb-4.2/test/conf/auth/certs/azapppmgcdb01t.pem
    CAFile: /mg_data/mdb-4.2/test/conf/auth/certs/mongoCA.crt
    clusterFile: /mg_data/mdb-4.2/test/conf/auth/certs/azapppmgcdb01t.pem
security:
  clusterAuthMode: x509

-------- x509 certs creation steps for the client
SUBJECT="/C=US/ST=CA/L=San Francisco/O=Star One Credit Union/OU=EPLOG_MGDB_CLIENT_QADEV/emailAddress=rtk@jhaaa.com/CN=rtk"
openssl req -new -nodes -newkey rsa:4096 -keyout client_rtk.key -out client_rtk.csr -subj "$SUBJECT"
openssl x509 -CA mongoCA.crt -CAkey mongoCA.key -CAcreateserial -req -days 36500 -in client_rtk.csr -out client_rtk.crt
cat client_rtk.crt client_rtk.key > client_rtk.pem
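
Added example (not part of the original ticket): the error in the ticket title is OpenSSL's verification result for a chain that ends in a self-signed root the verifier has not been told to trust. The script below builds a throwaway CA and server certificate with the same kind of commands as above and verifies the server certificate with and without the CA as a trust anchor. All file names and subject DNs in it are constructed placeholders, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: throwaway CA + server cert, verified with and without trust.
# File names and DNs are constructed placeholders, not values from the ticket.
set -u

make_test_pki() {  # $1 = output directory
  local d="$1"
  # Self-signed CA (unencrypted throwaway key so the run is non-interactive)
  openssl req -new -x509 -nodes -newkey rsa:2048 -days 1 \
    -subj "/O=ExampleOrg/CN=EXAMPLE-TEST-CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # Server key + CSR, then sign the CSR with the CA
  openssl req -new -nodes -newkey rsa:2048 \
    -subj "/O=ExampleOrg/CN=server.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -days 1 -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -in "$d/server.csr" -out "$d/server.crt" 2>/dev/null
}

# The CA is only offered as part of the chain (-untrusted), as a peer would
# send it. It is not in the system store, so the chain ends in an untrusted
# self-signed root and verification fails.
verify_without_trust() {
  openssl verify -untrusted "$1/ca.crt" "$1/server.crt" 2>&1
}

# The verifier is given the CA certificate as a trust anchor.
verify_with_trust() {
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" 2>&1
}

# Sanity check: the server certificate's issuer is the CA's subject.
issuer_matches_ca() {
  [ "$(openssl x509 -in "$1/server.crt" -noout -issuer_hash)" = \
    "$(openssl x509 -in "$1/ca.crt" -noout -subject_hash)" ]
}

# Run with --demo to print both verification results.
if [ "${1:-}" = "--demo" ]; then
  d="$(mktemp -d)"
  make_test_pki "$d"
  verify_without_trust "$d"
  verify_with_trust "$d"
  rm -rf "$d"
fi
```
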



 Comments   
Comment by Kelsey Schubert [ 02/Oct/20 ]

Thanks for the update rtammineni@jackhenry.com. I'll go ahead and resolve this ticket per your request.

Comment by Ravi Kumar [ 02/Oct/20 ]

Hi Jessica,

We have resolved the issue. Please close the ticket.

Thanks

ravi

Comment by Ravi Kumar [ 29/Sep/20 ]

Hi Jessica,

We are using MongoDB shell version v4.2.6

Thanks

ravi

Comment by Jessica Sigafoos [ 29/Sep/20 ]

Reporter provided info that was lost in the move to SERVER:

2020-09-24T18:45:47.691+0000 E NETWORK [js] SSL peer certificate validation failed: self signed certificate in certificate chain
2020-09-24T18:45:47.691+0000 E QUERY [js] Error: couldn't connect to server 10.228.72.177:27025, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: self signed certificate in certificate chain :

Comment by Jessica Sigafoos [ 29/Sep/20 ]

Hi rtammineni@jackhenry.com, thanks for reaching out!  What version of the tools are you using?  Thanks!
