[SERVER-8729] SSL: mongod started with --sslWeakCertificateValidation, mongo can't connect with self-signed cert
Created: 26/Feb/13  Updated: 19/Mar/13  Resolved: 26/Feb/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Major - P3
Reporter: Gregor Macadam
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Operating System: ALL
Participants:

 Description   

ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc0$ ./bin/mongod --dbpath ./data/ --sslOnNormalPorts --sslPEMKeyFile ../sslCA/gregorFreeBSD.pem  --replSet rs1 --smallfiles  --sslCAFile ../sslCA/cacert.pem --sslWeakCertificateValidation

ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc0$ ./bin/mongo --ssl --sslPEMKeyFile ./smoke.pem 
MongoDB shell version: 2.4.0-rc0
connecting to: test
Tue Feb 26 10:41:57.332 DBClientCursor::init call() failed
Tue Feb 26 10:41:57.333 Error: DBClientBase::findN: transport error: 127.0.0.1:27017 ns: admin.$cmd query: { whatsmyuri: 1 } src/mongo/shell/mongo.js:112
exception: connect failed

Tue Feb 26 10:41:57.322 [initandlisten] connection accepted from 127.0.0.1:54975 #3 (1 connection now open)
Tue Feb 26 10:41:57.331 [conn3] ERROR: SSL peer certificate validation failed:self signed certificate
Tue Feb 26 10:41:57.331 [conn3] SocketException handling request, closing client connection: 9001 socket exception [6] 



 Comments   
Comment by Eric Milkie [ 26/Feb/13 ]

This is by design. Weak certificate validation means that if a client presents a certificate, it will be validated and it won't connect if it fails validation. If the client doesn't present a certificate, they are allowed to connect successfully.

The flag is designed to help you upgrade from no cert validation to cert validation.
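Added example (not part of the ticket and not MongoDB code): the semantics described in the comment above are what Python's `ssl` module calls `CERT_OPTIONAL`, shown here next to `CERT_REQUIRED` for clients with no certificate, a self-signed certificate, and a CA-signed one. Mapping `--sslWeakCertificateValidation` to `CERT_OPTIONAL` is an assumption made for illustration; all file names and certificates are constructed at run time with the `openssl` command-line tool, which must be installed.

```python
import ssl, subprocess, tempfile

def make_certs(d):  # constructed test material, generated with the openssl CLI
    def openssl(*args):
        subprocess.run(["openssl", *args], cwd=d, check=True, capture_output=True)
    def req(name, out, *extra):
        openssl("req", "-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={name}",
                "-keyout", f"{name}.key", "-out", out, *extra)
    for name in ("ca", "selfsigned"):
        req(name, f"{name}.pem", "-x509")          # self-signed certificates
    for name in ("server", "signed"):
        req(name, f"{name}.csr")                   # CSR, then signed by the CA
        openssl("x509", "-req", "-in", f"{name}.csr", "-CA", "ca.pem",
                "-CAkey", "ca.key", "-CAcreateserial", "-out", f"{name}.pem")

def contexts(d, verify_mode, client_cert):
    server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server.load_cert_chain(f"{d}/server.pem", f"{d}/server.key")
    server.load_verify_locations(f"{d}/ca.pem")    # trust anchor, the role of --sslCAFile
    server.verify_mode = verify_mode
    client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Server identity is out of scope here; only client-certificate checks are exercised.
    client.check_hostname, client.verify_mode = False, ssl.CERT_NONE
    if client_cert:
        client.load_cert_chain(f"{d}/{client_cert}.pem", f"{d}/{client_cert}.key")
    return server, client

def accepted(server_ctx, client_ctx):
    """Run a TLS handshake in memory; True only if the server accepts the client."""
    to_server, to_client = ssl.MemoryBIO(), ssl.MemoryBIO()
    sides = [client_ctx.wrap_bio(to_client, to_server),
             server_ctx.wrap_bio(to_server, to_client, server_side=True)]
    for _ in range(10):
        pending = 0
        for side in sides:
            try:
                side.do_handshake()
            except ssl.SSLWantReadError:
                pending += 1                       # waiting for the peer's next flight
            except ssl.SSLError:
                return False                       # e.g. certificate verify failed
        if not pending:
            return True
    return False

def outcomes():
    with tempfile.TemporaryDirectory() as d:
        make_certs(d)
        modes, certs = (ssl.CERT_OPTIONAL, ssl.CERT_REQUIRED), (None, "selfsigned", "signed")
        return {(m.name, c): accepted(*contexts(d, m, c)) for m in modes for c in certs}
```

Calling `outcomes()` returns a dict keyed by `(verify mode, client certificate)`; the `("CERT_OPTIONAL", "selfsigned")` entry corresponds to the connection attempt in this ticket.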

Generated at Thu Feb 08 03:18:14 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.