MongoDB SSL peer certificate validation failed: unable to get issuer certificate

mongodbssl

I have enabled SSL on MongoDB with optional SSL connection: preferred.

I have used lets encrypt in order to obtain SSL certificates. SSLs works as expected and in mongod.log file I can see that:

2018-06-02T06:46:26.664+0000 I NETWORK  [listener] connection accepted from MY_SERVER_IP:45442 #2953818 (121 connections now open)
2018-06-02T06:46:26.664+0000 I NETWORK  [conn2953818] SSL mode is set to 'preferred' and connection 2953818 to MY_SERVER_IP:45442 is not using SSL.

Now on the same host I try to connect to mongo using mongo client command like below:

mongo --ssl --host mongo.example.com --sslPEMKeyFile /etc/ssl/mongo.pem --sslCAFile /etc/ssl/ca.pem

when I use SSL mongo gives error:

MongoDB shell version v3.6.2
connecting to: mongodb://mongo.example.com:27017/
2018-06-02T06:48:34.156+0000 E NETWORK  [thread1] SSL peer certificate validation failed: unable to get issuer certificate
2018-06-02T06:48:34.164+0000 E QUERY    [thread1] Error: socket exception [CONNECT_ERROR] for SSL peer certificate validation failed: unable to get issuer certificate :
connect@src/mongo/shell/mongo.js:251:13
@(connect):1:6
exception: connect failed

Why it reports that unable to get issuer certificate? Is there something in between that I have missed? Could someone shed some light on this?

EDIT1:

I tried the below command too and got the error network error:

root@example2:~# mongo --ssl --host='mongo.domain.com' --port=27017
MongoDB shell version: 3.2.11
connecting to: mongo.domain.com:27017/test
2018-06-02T08:31:13.501+0000 E QUERY    [thread1] Error: network error while attempting to run command 'isMaster' on host 'mongo.domain.com:27017'  :
connect@src/mongo/shell/mongo.js:231:14
@(connect):1:6

exception: connect failed

Now getting error network error while attempting to run command 'isMaster' on host.

In MongoDB server log it reports that:

Error receiving request from client: SSLHandshakeFailed: SSLHandshakeFailed. Ending connection from 127.0.0.1:32793 (connection id: 358957)

Best Answer

By removing CAFile: /etc/ssl/ca.pem option from mongoDB config file, problem gone away.

Related Solutions

Mongodb – Mongo exception: connect failed on reboot

mongod is actual mongodb daemon what "is" the database. mongo is just client program what connects to mongod process (in this case; with sharded cluster it connects to mongos -process).

So, mongod process must be running before mongo can connect it.

You wrote that sudo systemctl enable mongod.service don't work anymore? Check if that service has (some how) changed its name. Just give command sudo systemctl|grep -i mongo and you can see if it is there and it is enabled. IF still your mongod process don't start automatically after reboot, check /var/log/mongodb/mongodb.log (you can check that lock file name with sudo grep path /etc/mongod.conf -command) says. What is the error? Fix that error (maybe chown of directory and files?) and try again with sudo systemctl restart mongod.service (or what ever is services name)

Mongodb – How to change default mongo port on a bitnami instance

I am running a bitnami instance of mongodb for our pre-production. The default port for mongo is 27017. But for security reasons i want to change it but it is not possible.

As you mention error code below

Error: couldn't connect to server /opt/bitnami/mongodb/tmp/mongodb-27017.sock:27017, connection attempt failed : connect@src/mongo/shell/mongo.js:237:13 @(connect):1:6 exception: connect failed

As per your error code location (/opt/bitnami/mongodb/tmp/mongodb-27017.sock) mongod tring to connect with port 27017. May be your mongod.conf data files and log files has not configure properly or may be you don't have a authentication permission of that folder where is mongod.conf .

As Bitnami MongoDB documentation here On Unix, the MongoDB clients can connect to the server using a Unix socket file at

installdir/mongodb/tmp/mongodb.sock

The default port in which MongoDB listens is 27017

The main MongoDB log file is at installdir/mongodb/log/mongodb.log

The MongoDB configuration file is located at installdir/mongodb/mongodb.conf

The official MongoDB documentation has more details about how configure the MongoDB database.

For your further ref here , here and here

Best Answer

Related Solutions

Mongodb – Mongo exception: connect failed on reboot

Mongodb – How to change default mongo port on a bitnami instance

Related Question