Mongodb connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: self signed...
I set up a mongoDB database with SSL security on an Ubuntu 16.04.5 LTS server and I have been using it for a few months. To set up SSL on mongo I followed the tutorial by Rajan Maharjan on medium.com (link). Coming back to my server after a short period of not using it, I received the following error message:

    SSL peer certificate validation failed: certificate has expired

Looking at the mongo log, I found:

    [PeriodicTaskRunner] Server certificate is now invalid. It expired on 2018-11-10T08:10:11.000Z

So I regenerated and re-signed all my certificates with the rootCA.key file, following the same steps as when creating certificates for the first time. I restarted mongod with:

    service mongod restart

And now I have the "self signed certificate" error:

    MongoDB shell version v4.0.2
    connecting to: mongodb://IP:port/
    2018-11-21T13:11:10.584+0000 E NETWORK [js] SSL peer certificate validation failed: self signed certificate
    2018-11-21T13:11:10.584+0000 E QUERY [js] Error: couldn't connect to server IP:port, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: self signed certificate :
    connect@src/mongo/shell/mongo.js:257:13
    @(connect):1:6
    exception: connect failed

My connection string is the following:

    mongo --ssl --sslCAFile /PATH/TO/rootCA.pem --sslPEMKeyFile /PATH/TO/mongodb.pem --host IP:port

I have not found any resources on re-signing certificates for mongoDB. Any help would be much appreciated.
EDIT

/etc/mongod.conf :

    # mongod.conf

    # for documentation of all options, see:
    #   http://docs.mongodb.org/manual/reference/configuration-options/

    # Where and how to store data.
    storage:
      dbPath: /var/lib/mongodb
      journal:
        enabled: true
    #  engine:
    #  mmapv1:
    #  wiredTiger:

    # where to write logging data.
    systemLog:
      destination: file
      logAppend: true
      path: /var/log/mongodb/mongod.log

    # network interfaces
    net:
      port: PORT
      bindIp: IP
      ssl:
        mode: requireSSL
        PEMKeyFile: /etc/ssl/mongodb.pem
        CAFile: /etc/ssl/rootCA.pem

    # how the process runs
    processManagement:
      timeZoneInfo: /usr/share/zoneinfo

    #security:
    security:
      authorization: "enabled"

    #operationProfiling:

    #replication:

    #sharding:

    ## Enterprise-Only Options:

    #auditLog:

    #snmp:

mongodb ssl openssl ubuntu-16.04
Are you using the correct sslCAFile? Shouldn't it be /PATH/TO/abc.crt?
– Aniket Maithani
Nov 21 '18 at 14:16
@AniketMaithani I tried using the .crt as per your suggestion, I get Error: network error while attempting to run command 'isMaster' on host and SSL peer certificate validation failed: self signed certificate in the log. The connection string in my question is the same I used before and it used to work.
– Nicolas Gaborel
Nov 21 '18 at 15:09
Adding the --sslAllowInvalidCertificates option in the mongo connection string yields the following error message: [js] Error: network error while attempting to run command 'isMaster' on host and SSL peer certificate validation failed: self signed certificate in the log.
– Nicolas Gaborel
Nov 27 '18 at 15:24
Hey @Nicolas can you post your /etc/mongod.conf file here? Meanwhile try using the following: dpaste.de/U4Lm
– Aniket Maithani
Nov 28 '18 at 2:06
Hi @AniketMaithani I edited my question to add the .conf file. I tried your solution (and commented out the rootCA.pem line in the .conf file) but with mongod --sslMode requireSSL --sslPEMKeyFile /etc/ssl/mongodb.pem I get exception in initAndListen: NonExistentPath: Data directory /data/db not found., terminating and when restarting the service, in the log I have the following error WARNING: No SSL certificate validation can be performed since no CA file has been provided
– Nicolas Gaborel
Nov 28 '18 at 8:57
edited Nov 28 '18 at 8:53
asked Nov 21 '18 at 13:23
Nicolas Gaborel
1 Answer
I managed to get it to work again by following these steps (which, for some reason, did not work before):
- remove mongodb.* files from /etc/ssl/
- regenerate certificates with the commands:
- openssl genrsa -out mongodb.key 2048
- openssl req -new -key mongodb.key -out mongodb.csr
  - Server address in the field Common Name (eg, YOUR name)
- openssl x509 -req -in mongodb.csr -CA rootCA.pem -CAkey /PATH/TO/rootCA.key -CAcreateserial -out mongodb.crt -days 500 -sha256
- cat mongodb.key mongodb.crt > mongodb.pem
- chmod 666 mongodb.pem
- service mongod restart
- cat /var/log/mongodb/mongod.log (to check status)

And to launch the mongo shell
- mongo --ssl --sslCAFile /PATH/TO/rootCA.pem --sslPEMKeyFile /PATH/TO/mongodb.pem --host IP:PORT

Thank you @AniketMaithani for trying to help me solve this issue.
answered Nov 28 '18 at 10:16
Nicolas Gaborel
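A pre-restart check for the re-issued files from the steps above, as an added example that is not part of the original answer: it confirms that the key+certificate bundle chains to the CA, is not self-issued, has validity left, matches its private key, and is not readable by group or other. `check_pem` and `make_demo` are hypothetical helper names, and the demo CA, server name and temporary directory are constructed.

```shell
#!/bin/sh
# Added example (not from the original answer). check_pem and make_demo are
# hypothetical helper names; the demo CA and server names are constructed.

# check_pem CA_FILE PEM_FILE [MIN_VALID_SECONDS]
# PEM_FILE is the key+certificate bundle given to mongod as PEMKeyFile.
# Prints one line per failed check; returns non-zero if any check fails.
check_pem() {
    ca=$1; pem=$2; min=${3:-2592000}     # default margin: 30 days
    rc=0

    # The certificate must chain to the CA that clients pass as --sslCAFile.
    if ! openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1; then
        echo "chain: $pem does not verify against $ca"; rc=1
    fi

    # OpenSSL reports "self signed certificate" for an untrusted leaf whose
    # issuer name equals its subject name, so compare the two name hashes.
    s=$(openssl x509 -in "$pem" -noout -subject_hash 2>/dev/null) || s=
    i=$(openssl x509 -in "$pem" -noout -issuer_hash 2>/dev/null) || i=
    if [ "$s" = "$i" ]; then
        echo "issuer: subject and issuer names are identical"; rc=1
    fi

    # -checkend exits non-zero if the certificate expires within $min seconds.
    if ! openssl x509 -in "$pem" -noout -checkend "$min" >/dev/null 2>&1; then
        echo "expiry: certificate expires within $min seconds"; rc=1
    fi

    # The private key in the bundle must belong to the certificate in it.
    kp=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || kp=
    cp=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || cp=
    if [ -z "$kp" ] || [ "$kp" != "$cp" ]; then
        echo "key: private key does not match the certificate"; rc=1
    fi

    # The bundle holds the private key: flag any group/other permission bit.
    perms=$(ls -lL "$pem" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "perms: $pem is accessible to group/other ($perms)"; rc=1
    fi
    return $rc
}

# make_demo: builds a constructed throwaway CA and server bundle with the
# same commands as the answer (non-interactive via -subj); prints the dir.
make_demo() {
    d=$(mktemp -d) || return 1
    ( cd "$d" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout rootCA.key \
          -out rootCA.pem -days 3650 -subj "/O=Example Demo CA/CN=demo-root" &&
      openssl genrsa -out mongodb.key 2048 &&
      openssl req -new -key mongodb.key -out mongodb.csr \
          -subj "/O=Example Demo/CN=db.example.test" &&
      openssl x509 -req -in mongodb.csr -CA rootCA.pem -CAkey rootCA.key \
          -CAcreateserial -out mongodb.crt -days 500 -sha256 &&
      ( umask 077; cat mongodb.key mongodb.crt > mongodb.pem )
    ) >/dev/null 2>&1 || return 1
    echo "$d"
}

# Demo run on the constructed files.
demo=$(make_demo) && check_pem "$demo/rootCA.pem" "$demo/mongodb.pem" \
    && echo "all checks passed"
if [ -n "$demo" ]; then rm -rf "$demo"; fi
```

On the server from the question this would be run as `check_pem /etc/ssl/rootCA.pem /etc/ssl/mongodb.pem` before `service mongod restart`.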