Why do you have Score model?
Why not keep only User and Match models and for each have a score attribute?
In this schema you have only the updates per score.
If its due to redundancy of attributes, please note this is common in a document based schema design.
The answer to my question comes from an article I found this afternoon and I completely understand what I was doing wrong before.
http://demarcsek92.blogspot.com/2014/05/mongodb-ssl-setup.html
I'll explain a little more because of the suggestion from Markus.
Originally I was generating client and server key/certification pairs from a root CA that I had created. I was concatenating (adding) the other certificates that I was making to the root CA and using this as the input for --sslCAFile. The issue I was creating was using my server.pem key/cert for each node and then trying to pass the client.pem file to the server for validation which I found out throws the generic "Self signed certificate" error. Apparently it happens whenever invalid certs/keys are passed to the server to create a connection.
(I'm going to gloss over how to make the server/client key/cert as it is in the article and I would like people to go there for more explanation as it is this gentleman's solution and not my own.)
Create server.key and server.crt
Use "type server.key server.crt > server.pem" (for Windows)
Create client.key and client.crt
Use "type client.key client.crt > client.pem"
For the server the setup will be:
--sslPEMKeyFile = server.pem
--sslCAFile = client.pem
For the client the setup will be:
--sslPEMKeyFile = client.pem
--sslCAFile = server.pem
This solution, as is, works for a single node and single client connection. I was able to trace the line with Wireshark and see that Mongo had stopped identifying itself and that when I drilled down into the packets using the Follow TCP Stream option the only information it was exposing was part of the subject used in creating my certificates (ok behavior).
Find "Client Hello" transmission from Mongo by:
Right-clicking on one of tranmission messages > Decode as... > Transport tab > SSL
On the "Client Hello" transmission from Mongo:
Right-click the packet > Follow TCP Stream > You should see the packet encrypted
NEXT STEP:
My next step is to figure out how to setup SSL certificates for a 3 node replica set. I'm still trying to wrap my head around creating certificates for each node and how they can all be linked so it will allow for each to trust each other and a client connection.
(I'm going to look into the Stack Exchange rules but I was just thinking about chaining to the next topic with a link in this one)
Best Answer
If you have locked yourself out then you need to do the following: