<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:23:19 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-10495] Mongo 2.5.1 is unable to read sslkey PEM file (error:no start line)</title>
                <link>https://jira.mongodb.org/browse/SERVER-10495</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;I&apos;m currently testing the x.509 authentication feature. I&apos;m unable to start up mongod via&lt;/p&gt;

&lt;p&gt;mongod --dpath &amp;lt;path&amp;gt; --logpath &amp;lt;logpath&amp;gt; --fork --sslOnNormalPorts --sslPEMKeyFile &amp;lt;path to sslCertificate and key PEM file&amp;gt; --sslCAFile &amp;lt;path to root CA PEM file&amp;gt;&lt;/p&gt;

&lt;p&gt;The error that I&apos;m receiving is as follows:&lt;/p&gt;

&lt;p&gt;Tue Aug 13 04:25:10.373 ERROR: cannot read PEM key file: /home/ec2-user/mongodb.pem error:0906D06C:PEM routines:PEM_read_bio:no start line&lt;/p&gt;


&lt;p&gt;I&apos;ve attached the PEM files. The PEM files were generated with the following commands and configurations (openssl.cnf is attached).&lt;/p&gt;

&lt;p&gt;Root CA Key/Cert:&lt;/p&gt;

&lt;p&gt;sudo openssl req -new -x509 -days 365 -nodes -out mongodbCA.crt -keyout mongodbCA.key&lt;/p&gt;


&lt;p&gt;Client Pem:&lt;/p&gt;

&lt;p&gt;sudo openssl req -newkey rsa:1024 -nodes -sha1 -keyout mongodb.key -keyform PEM -out mongodb.req -outform PEM&lt;/p&gt;

&lt;p&gt;sudo openssl ca -in mongodb.req -out mongodb.pem&lt;/p&gt;


</description>
                <environment>Amazon Linux EC2, amazon linux build for 2.5.1</environment>
        <key id="85704">SERVER-10495</key>
            <summary>Mongo 2.5.1 is unable to read sslkey PEM file (error:no start line)</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="dylan.tong">Dylan Tong</reporter>
                        <labels>
                    </labels>
                <created>Tue, 13 Aug 2013 04:59:10 +0000</created>
                <updated>Tue, 20 Oct 2020 20:38:15 +0000</updated>
                            <resolved>Thu, 15 Aug 2013 22:50:12 +0000</resolved>
                                    <version>2.5.1</version>
                                                    <component>Networking</component>
                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="3455209" author="JIRAUSER1257348" created="Tue, 20 Oct 2020 20:38:15 +0000"  >&lt;p&gt;I ran into the same problem.&lt;/p&gt;

&lt;p&gt;The tools to generate certificates and key files assume you need them in separate files (and there&apos;s no way to assume otherwise) but mongodb requires them to be concatenated in a single file (i.e. $ cat file_one.crt file_two.pem &amp;gt; file_to_feed_mongo.pem).&lt;/p&gt;

&lt;p&gt;Just having this information in &lt;a href=&quot;https://docs.mongodb.com/manual/tutorial/configure-ssl/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/tutorial/configure-ssl/&lt;/a&gt; would have spared me lots of time.&lt;/p&gt;</comment>
                            <comment id="2238730" author="dandv" created="Wed, 8 May 2019 16:43:30 +0000"  >&lt;p&gt;Thanks Eric. I see now that &lt;a href=&quot;https://stackoverflow.com/questions/20837161/openssl-pem-routinespem-read-biono-start-linepem-lib-c703expecting-truste&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;that error has bitten others too&lt;/a&gt;, so perhaps it&apos;s worth filing an issue against OpenSSL. Maybe some pressure from MongoDB, Inc. would help.&lt;/p&gt;</comment>
                            <comment id="2238316" author="milkie" created="Wed, 8 May 2019 11:20:30 +0000"  >&lt;p&gt;I&#8217;m sorry you&#8217;re having trouble, Dan; that sounds super frustrating. That particular message comes from OpenSSL itself, and I&#8217;m not sure exactly what it means either. We&#8217;ve changed our documentation significantly over the past six years, so that&#8217;s why the page doesn&#8217;t cover PEM files like it used to. I&#8217;ll see what I can do to improve the docs in this area. &lt;/p&gt;</comment>
                            <comment id="2238207" author="dandv" created="Wed, 8 May 2019 07:08:38 +0000"  >&lt;p&gt;I&apos;m running into the same error: &quot;cannot read certificate file: /tmp/privkey1.pem error:0906D06C:PEM routines:PEM_read_bio:no start line&quot;&lt;/p&gt;

&lt;p&gt;That page no longer says anything about how to concatenate files.&lt;/p&gt;

&lt;p&gt;I obtained my certificate files by running LetsEncrypt&apos;s certbot. Since this is the most popular and free way of getting CA-signed certificates, it would be really useful to explain how exactly to use them, and what needs to be concatenated to what, in what order. Not asking for &quot;&lt;b&gt;A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates&lt;/b&gt;, and Certificate Authority &lt;span class=&quot;error&quot;&gt;&amp;#91;that would be&amp;#93;&lt;/span&gt; beyond the scope of this document.&quot; Just that the user should concatenate the privkey.pem and fullchain.pem into one file (the order doesn&apos;t matter, I tried both ways), and point the&#160;&lt;b&gt;CAFile&lt;/b&gt; setting to the fullchain.pem file.&lt;/p&gt;

&lt;p&gt;I wasted significnat time trying to figure this out on my own before looking up a tutorial, and I shouldn&apos;t have to. This should be covered in the docs, and the error could be more useful. Initially my&#160;&lt;b&gt;PEMKeyFile&lt;/b&gt; pointed to the private key file (nothing concatenated to it), which started with&#160;`---&lt;del&gt;BEGIN PRIVATE KEY&lt;/del&gt;----`, so what exactly does &quot;no start line&quot; mean? What should the start line look like? Could that error be more &lt;b&gt;useful&lt;/b&gt; instead of spitting out &quot;0906D06C&quot;?&lt;/p&gt;</comment>
                            <comment id="402810" author="milkie" created="Wed, 14 Aug 2013 13:48:03 +0000"  >&lt;p&gt;Hi Dylan.&lt;br/&gt;
In your description, you do correctly indicate that --sslPEMKeyFile takes a &amp;lt;path to sslCertificate and key PEM file&amp;gt;.&lt;br/&gt;
However, it looks like you did not actually append the private key to the certificate, so your PEM file only contained the SSL certificate.  From your example above, the private key is in the mongodb.key file.&lt;br/&gt;
On this documentation page, it explains how to concatenate the certificate and the private key into one PEM-format file:&lt;br/&gt;
&lt;a href=&quot;http://docs.mongodb.org/manual/tutorial/configure-ssl/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://docs.mongodb.org/manual/tutorial/configure-ssl/&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="401655" author="dylan.tong@10gen.com" created="Tue, 13 Aug 2013 05:05:51 +0000"  >&lt;p&gt;Note that I realize this could be related to how I generated my PEM files, but I can&apos;t tell from the error or the online instructions what could be missing form my PEM.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="29813" name="openssl.cnf" size="10990" author="dylan.tong" created="Tue, 13 Aug 2013 05:02:19 +0000"/>
                            <attachment id="29812" name="pemfiles.tar.gz" size="10240" author="dylan.tong" created="Tue, 13 Aug 2013 05:02:06 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 14 Aug 2013 13:48:03 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        3 years, 16 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>francescomanfrediwd@gmail.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            3 years, 16 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>dandv</customfieldvalue>
            <customfieldvalue>dylan.tong</customfieldvalue>
            <customfieldvalue>milkie@mongodb.com</customfieldvalue>
            <customfieldvalue>francescomanfrediwd@gmail.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrmjt3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrs7en:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>78428</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrlchz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>