[SERVER-70271] TLS Authentication not working for self signed certifcates. Created: 06/Oct/22  Updated: 07/Oct/22  Resolved: 07/Oct/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: bala subramanian Assignee: Yuan Fang
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

command issued:

mongo -tls --host 127.0.0.1 --tlsCAFile /etc/ssl/self/root_self_CA.pem  tlsCertificateKeyFile /etc/ssl/self/mongodb_client.pem --tlsCertificateKeyFilePassword admin@123 --tlsAllowInvalidCertificates -u mongouser -p  -authenticationDatabase admin

Log of Mongodb:

{"t":\{"$date":"2022-10-06T08:08:57.920-04:00"}

,"s":"E",  "c":"NETWORK",  "id":23256,   "ctx":"conn14","msg":"SSL peer certificate validation failed","attr":{"error":"SSL peer certificate validation failed: self signed certificate"}}

{"t":\{"$date":"2022-10-06T08:08:57.920-04:00"}

,"s":"I",  "c":"NETWORK",  "id":22988,   "ctx":"conn14","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":

{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"SSL peer certificate validation failed: self signed certificate"}

,"remote":"127.0.0.1:49150","connectionId":14}}

{"t":\{"$date":"2022-10-06T08:08:57.920-04:00"}

,"s":"I",  "c":"NETWORK",  "id":22944,   "ctx":"conn14","msg":"Connection ended","attr":{"remote":"127.0.0.1:49150","uuid":"6150d1f4-3272-444f-a8ea-4a993774380c","connectionId":14,"connectionCount":0}}



 Comments   
Comment by Yuan Fang [ 07/Oct/22 ]

Hi it.subramanian@gmail.com,

Thank you for your report. The “self-signed certificate” error generally occurs when you connect using a client without specifying the CA certificate in the client (--sslCAFile if using the mongo shell). I found a thread on MongoDB Developer Community Forums discussing a similar question. Would you check if it helps?

If the discussion there leads you to suspect a bug in the MongoDB server, then we'd want to investigate it as a possible bug here in the SERVER project.

Regards,
Yuan

Generated at Thu Feb 08 06:15:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.