Mongodb – Not able to connect to Mongodb via mongo shell

Tags: mongodb, ssl

I am not able to connect to mongodb via mongo shell.

command:

sudo mongo --tls --tlsCertificateKeyFile server.pem --tlsCAFile CA_INTERMEDIATE --host "mongodb://xxx:xxx@some-url:27020/data_base?ssl=true"

error:

MongoDB shell version v4.4.3
connecting to: mongodb://some-url:27020/data_base?compressors=disabled&gssapiServiceName=mongodb&ssl=true
{"t":{"$date":"2021-01-08T14:55:17.158Z"},"s":"E",  "c":"NETWORK",  "id":23256,   "ctx":"js","msg":"SSL peer certificate validation failed","attr":{"error":"SSL peer certificate validation failed: unable to verify the first certificate"}}
Error: couldn't connect to server some-url:27020, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: unable to verify the first certificate :
connect@src/mongo/shell/mongo.js:374:17
@(connect):2:6
exception: connect failed
exiting with code 1

However, this works when I am using the same keys, certificate and parameters with MongoDB Compass.


Can someone please tell me what I am doing wrong?

Best Answer

I suspect Compass is falling back on the system trust store while the command line tool is not.

Capture the certificate presented by the server:

openssl s_client -connect some-url:27020 </dev/null > retrieved_cert.pem

And then validate using the CA certificate:

openssl verify -CAfile CA_INTERMEDIATE retrieved_cert.pem

If validation succeeds, you should see

retrieved_cert.pem: OK

If that doesn't work, take a look at the subject and issuer of each certificate, and ensure that the file passed to --tlsCAFile contains the self-signed root certificate at the head of the chain.
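A script that automates the checks in this answer (fetch the chain the server presents, confirm the CA file really contains a self-signed root, then verify the leaf the same way the mongo shell's OpenSSL does), as an added example that is not part of the original post. It assumes openssl is on PATH and that host, port and CA file are given as arguments; the file name check_chain.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not the answer's own code. Assumed inputs: HOST PORT CAFILE.

# fetch_chain HOST PORT OUTFILE: save every certificate the server presents
# (leaf first, then any intermediates it sends) as a PEM bundle.
fetch_chain() {
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null |
        sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' > "$3"
}

# split_bundle BUNDLE OUTDIR: write each certificate to OUTDIR/cert1.pem, cert2.pem, ...
split_bundle() {
    awk -v d="$2" '/-----BEGIN CERTIFICATE-----/{n++} n>0{print > (d "/cert" n ".pem")}' "$1"
}

# count_certs FILE: number of PEM certificates in FILE
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# has_self_signed_root FILE: succeeds if some certificate in FILE is self-signed
# (subject equals issuer), i.e. the file carries a root and not only an intermediate.
has_self_signed_root() {
    d=$(mktemp -d); split_bundle "$1" "$d"; rc=1
    for c in "$d"/cert*.pem; do
        subj=$(openssl x509 -in "$c" -noout -subject)
        iss=$(openssl x509 -in "$c" -noout -issuer)
        [ "${subj#subject=}" = "${iss#issuer=}" ] && rc=0
    done
    rm -rf "$d"; return $rc
}

# verify_leaf CHAIN CAFILE: verify the server's leaf (first cert in CHAIN) against
# CAFILE, using the rest of CHAIN as untrusted intermediates, as the TLS client does.
verify_leaf() {
    d=$(mktemp -d); split_bundle "$1" "$d"
    openssl verify -CAfile "$2" -untrusted "$1" "$d/cert1.pem"; rc=$?
    rm -rf "$d"; return $rc
}

# Usage: sh check_chain.sh some-url 27020 CA_INTERMEDIATE
if [ $# -eq 3 ]; then
    fetch_chain "$1" "$2" retrieved_chain.pem
    echo "server sent $(count_certs retrieved_chain.pem) certificate(s)"
    has_self_signed_root "$3" ||
        echo "WARNING: $3 contains no self-signed root, so no chain can be anchored in it"
    verify_leaf retrieved_chain.pem "$3"
fi
```

If the server sends only its leaf, the intermediate must be in the --tlsCAFile bundle together with the root, which is the case the last paragraph of the answer describes.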