[SERVER-8682] mongo tools do not support --sslPEMKeyFile or --sslPEMKeyPassword Created: 22/Feb/13  Updated: 16/Jun/14  Resolved: 11/Oct/13

Status: Closed
Project: Core Server
Component/s: Security, Tools
Affects Version/s: 2.4.0-rc0
Fix Version/s: 2.5.3

Type: Bug Priority: Major - P3
Reporter: Daniel Pasette (Inactive) Assignee: Shaun Verch
Resolution: Done Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by DOCS-1942 Document: mongo tools do not support ... Closed
Duplicate
is duplicated by SERVER-8681 add SSL support to all mongo tools Closed
Related
is related to SERVER-11127 Add more tests for ssl client options Closed
Operating System: ALL
Participants:

 Description   

If the mongod server is started with the --sslCAFile option (Certificate Authority file for SSL), it is impossible to connect to the server from the mongotools (mongodump, mongoexport, etc.).

If a tool tries to connect, the server will log (as expected):

Fri Feb 22 16:10:51.393 [conn3] ERROR: no SSL certificate provided by peer; connection rejected
Fri Feb 22 16:10:51.393 [conn3] SocketException handling request, closing client connection: 9001 socket exception [6] 

Workaround: run the mongod with --sslWeakCertificateValidation (allow client to connect without presenting a certificate). With this option, if a client presents a certificate, it must present a certificate that is valid by the CA. However, clients are allowed to successfully connect if they present no certificate at all.

Fix: add support for these cmd line options.



 Comments   
Comment by auto [ 11/Oct/13 ]

Author:

{u'username': u'Zarkantho', u'name': u'Shaun Verch', u'email': u'shaun.verch@10gen.com'}

Message: SERVER-8682 Add ssl client support to tools
Branch: master
https://github.com/mongodb/mongo/commit/24b6d27d9a00808ece23ba133ea658ef72c8e174

Generated at Thu Feb 08 03:18:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.