6

I created certificates according to the instructions on the official website of MongoDB, but it doesn't work properly.

I have a replica set and self-signed certificates.

I need a full encryption of traffic between replica members. How do I properly set up these replica members? And how do I enter the MongoDB shell?

I created certificates according to the instructions, in mongod.conf:

sslMode = requireSSL
sslPEMKeyFile = /etc/ssl/mongo.pem ...

and tried to add the parameter:

sslCAFile = /etc/ssl/mongo.crt

and tried to enter:

mongo --ssl --sslPEMKeyFile /etc/ssl/mongo.pem --sslCAFile /etc/ssl/mongo.pem
or
mongo --ssl --sslPEMKeyFile /etc/ssl/mongo.pem --sslCAFile /etc/ssl/mongo.crt

I get the error - The server certificate does not match the host name.

If I use the client certificate, then I get the error: SSL peer certificate validation failed:self signed certificate.

The mongod service is up and running. Mongo version - 3.0.2. CentOS - 6.5 x64.

I went through a lot of links but haven't found a working solution.

If it is possible, can you please give me the steps?

Vérace
asked Apr 30, 2015 at 8:07
0

2 Answers

1

When you create the self signed certificate, you need to use a valid host name in the "Common Name" field, e.g.:

Common Name (eg, your name or your server's hostname) []: host.domain.com

If you want to use a domain certificate, you need to replace "host" with "*", e.g.:

Common Name (eg, your name or your server's hostname) []: *.domain.com

answered Jun 25, 2015 at 9:52
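The hostname requirement from the answer above, shown with a small private CA in place of per-host self-signed certificates so that both errors from the question can be checked before touching mongod (added example, not part of the original posts). The hostname mongo1.example.net, the CA subject and the file names are constructed, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Constructed names throughout: ca.crt would go to sslCAFile, <host>.pem to sslPEMKeyFile.
set -eu

make_ca() {   # $1 = working directory; writes ca.cnf, ca.key, ca.crt
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Replica Set CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt"
}

issue_member() {   # $1 = working directory, $2 = hostname that peers and clients connect to
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr"
    # The hostname goes into subjectAltName as well as the Common Name.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth,clientAuth\n' "$2" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -extfile "$1/$2.ext" -out "$1/$2.crt"
    # sslPEMKeyFile expects the private key and the certificate in one file.
    cat "$1/$2.key" "$1/$2.crt" > "$1/$2.pem"
}

check_member() {   # $1 = directory, $2 = hostname the cert was issued for, $3 = name used to connect
    # Chain check against the CA plus hostname check, as a validating client performs them.
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_ca "$d"
    issue_member "$d" mongo1.example.net
    for name in mongo1.example.net localhost; do
        if check_member "$d" mongo1.example.net "$name"; then
            echo "$name: certificate accepted"
        else
            echo "$name: rejected (chain or hostname check failed)"
        fi
    done
    rm -rf "$d"
}
demo
```

Connecting with a name that is not in the certificate (here localhost) is rejected, which is the "does not match the host name" case from the question.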
0

You can force mongo to ignore the certificate hostname mismatch with the allowInvalidHostnames configuration option:

net.ssl.allowInvalidHostnames

Type: boolean

Default: False

New in version 3.0.

When net.ssl.allowInvalidHostnames is true, MongoDB disables the validation of the hostnames in TLS/SSL certificates, allowing mongod to connect to MongoDB instances if the hostnames in their certificates do not match the specified hostname.

Changed in version 3.0: Most MongoDB distributions now include support for TLS/SSL. See Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients for more information about TLS/SSL and MongoDB.

answered Nov 17, 2016 at 15:17
1
  • This answer would be improved if you abstracted a summary of the relevant portions of the linked web page. Commented Nov 17, 2016 at 15:41
