'Mongodb SSL - unable to get issuer certificate
I am trying to configure ssl/tls with mongod
on ubuntu 20.04 LTS. mongod version is 5.0.5.
For generating ssl/tls, I am using ssl/ssl certificates from let's encrypt
. I used this command for generating ssl/tls certificate.
sudo certbot certonly --standalone --preferred-challenges http -d example.domain.com
To configure it with mongod, I did the following steps
Copied
fullchain.pem
andprivkey.pem
file into a folder.Use this command to generate
mongodb.pem
file for mongod.cat privkey.pem fullchain.pem > mongodb.pem
For
ca.pem
,I went to this URL, https://letsencrypt.org/certificates/ and downloadedIntermediate Certificates -> Active -> Let’s Encrypt R3 -> Signed by ISRG Root X1 (pem)
file. Saved this file with nameca.pem
in the same directory offullchain.pem/privkey.pem
files.Verified certificate using this command. It returned
mongodb.pem: OK
openssl verify -CAfile ca.crt mongodb.pem
Then I configure ssl/tls configuration with mongod, Added the following lines in
/etc/mongod.conf
net:
port: 27017
bindIp: 0.0.0.0
tls:
mode: requireTLS
certificateKeyFile: /path/to/mongodb.pem
CAFile: /path/to/ca.pem
allowConnectionsWithoutCertificates: false
- Restarted mongod service and It is running with
active (running)
status. - I am trying to connect to mongodb using the following command.
mongo --tls --tlsCAFile ca.pem --tlsCertificateKeyFile mongodb.pem --host mongodb.example-domain.com
- But I am getting this error when I try to connect to mongodb using above command,
SSL peer certificate validation failed: unable to get issuer certificate
I don't know what I am doing wrong in the whole process. If anybody can help me in this ssl/tls certificate issue. Thanks
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|