Saturday, December 6, 2014

SSL authentication

I am trying to configure SSL to encrypt mongo connections.

I have a valid certificate in PFX format. From it I extracted the certificate and key using the commands below:

openssl pkcs12 -in abc.pfx -nocerts -out key.pem -nodes

openssl pkcs12 -in abc.pfx -nokeys -out cert.pem

cat key.pem cert.pem > final.pem

Then I used it to start the MongoDB process:
./mongod --dbpath /tmp/data/db --sslMode requireSSL --sslPEMKeyFile /tmp/final.pem --port 11232 --sslCAFile /tmp/cert.pem

Then I tried to log in from the mongo shell with the following command:
./mongo  --ssl  --port 11232  --sslPEMKeyFile /tmp/final.pem 

But it gives an error:
2014-12-04T09:30:57.213+0530 DBClientCursor::init call() failed
2014-12-04T09:30:57.213+0530 Error: DBClientBase::findN: transport error: vikas.cardtronicsdata.com:11232 ns: admin.$cmd query: { whatsmyuri: 1 } at src/mongo/shell/mongo.js:148
exception: connect failed


And the following error appears in the mongod logs:
connection accepted from 10.10.29.3:36762 #1 (1 connection now open)
2014-12-04T11:44:27.161+0530 [conn1] ERROR: SSL peer certificate validation failed:unable to verify the first certificate

How can I solve this error?
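
Added example, not part of the original post: OpenSSL reports "unable to verify the first certificate" when the issuer of the peer's certificate is not in the trust file, which for mongod is the file given to --sslCAFile. The script below reproduces that with a throwaway CA and server certificate (all names, subjects and paths are constructed) and shows the same leaf failing against a trust file that holds only the leaf and passing against one that holds its issuing CA.

```shell
#!/bin/sh
# Added example. Every name, subject and path below is constructed for the demo.

# chain_ok CAFILE CERT: succeed only if CERT verifies against the CAs in CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# make_demo_pki DIR: write ca.pem (self-signed test CA) and leaf.pem (signed by it).
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=db.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# demo: try two candidate trust files against the same peer certificate.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir" || { rm -rf "$dir"; return 1; }
    for ca in leaf.pem ca.pem; do
        if chain_ok "$dir/$ca" "$dir/leaf.pem"; then
            echo "trust file $ca: leaf.pem verifies"
        else
            echo "trust file $ca: leaf.pem does NOT verify"
        fi
    done
    rm -rf "$dir"
}

demo
```

To check real files, call chain_ok with the file passed to --sslCAFile as the first argument and the certificate the client presents as the second.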

