I am trying to configure the SSL certificates in the MongoDB community edition.
The configuration of my mongod.conf:
net:
  port: 27017
  bindIp: 0.0.0.0  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
    CAFile: /etc/ssl/ca_bundle.crt
    allowConnectionsWithoutCertificates: false
    allowInvalidHostnames: false
    disabledProtocols: TLS1_0,TLS1_1
Here, what I am doing is converting certificate.crt and private.key into mongodb.pem and passing ca_bundle.crt as CAFile in mongod.conf.
I am trying to connect to the server using the command:
mongo --ssl --sslPEMKeyFile /etc/ssl/mongodb.pem --sslCAFile /etc/ssl/ca_bundle.crt --host myapptest.tk
I am getting an error like:
MongoDB shell version v4.0.8
connecting to: mongodb://myapptest.tk:27017/?gssapiServiceName=mongodb
2019-04-04T19:57:40.401+0000 E NETWORK [js] SSL peer certificate validation failed: unable to get local issuer certificate
2019-04-04T19:57:40.402+0000 E QUERY [js] Error: couldn't connect to server myapptest.tk:27017, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: unable to get local issuer certificate :
connect@src/mongo/shell/mongo.js:343:13
@(connect):2:6
exception: connect failed
I want to know how to create the root_CA.pem file and pass it as --sslCAFile?
Where can I find the ca.pem file in MongoDB?
Could anybody suggest how to configure the SSL certificates in MongoDB?
Best Answer
As per the MongoDB documentation here, the procedure creates both the CA PEM file and an intermediate authority certificate and key files to sign server/client test certificates. For your further reference, see here.
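The error from the question, reproduced on a throwaway CA hierarchy as an added example (not part of the original answer or of MongoDB's documentation): openssl verify reports "unable to get local issuer certificate" when the CA file lacks the certificate that issued the server certificate, and passes once the CA file holds the intermediate and the root. All subjects and file names below are constructed for the demo.

```shell
#!/bin/sh
# Added example. All subjects and file names are constructed for the demo;
# nothing here is taken from the asker's server or certificates.
set -eu

make_test_pki() {   # $1 = empty working directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'subjectAltName=DNS:db.example.test\n' > "$d/leaf.ext"

  # One key and CSR per tier: root CA, intermediate CA, server.
  for n in root int server; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=test-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done

  # Root signs itself, root signs the intermediate, intermediate signs the server.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 30 -out "$d/root.crt" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 30 -out "$d/int.crt" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -extfile "$d/leaf.ext" -days 30 -out "$d/server.crt" 2>/dev/null

  # Layout used for PEMKeyFile: certificate and private key in one file.
  cat "$d/server.crt" "$d/server.key" > "$d/mongodb.pem"
  # A CA file that can validate the server certificate: intermediate plus root.
  cat "$d/int.crt" "$d/root.crt" > "$d/ca_chain.pem"
}

# Print openssl's verdict for certificate $2 against CA file $1; never abort.
verify_with() { openssl verify -CAfile "$1" "$2" 2>&1 || true; }

demo() {
  w=$(mktemp -d)
  make_test_pki "$w"
  echo "--- CA file holds only the root (issuing intermediate missing):"
  verify_with "$w/root.crt" "$w/server.crt"
  echo "--- CA file holds intermediate + root:"
  verify_with "$w/ca_chain.pem" "$w/server.crt"
  rm -rf "$w"
}

demo
```

In this demo, ca_chain.pem plays the role of the file passed as CAFile in mongod.conf or as --sslCAFile to the shell.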