MongoDB - SSL 连接问题 [英] MongoDB - SSL connection issues
问题描述
操作系统版本 - ubuntu 12.04
MongoDB 版本 - 3.2.5
猫鼬版本 - 4.10.8
生成 SSL 证书的步骤:
1. openssl req -newkey rsa:2048 -new -x509 -days 3650 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
2. cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
OS version - ubuntu 12.04
MongoDB version - 3.2.5
Mongoose version - 4.10.8
Steps to generate SSL certificate:
1. openssl req -newkey rsa:2048 -new -x509 -days 3650 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
2. cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
启动 mongo 服务器
mongo.conf
Start mongo server
mongo.conf
net:
port: 10023
bindIp: 10.x.x.x
ssl:
mode: allowSSL
PEMKeyFile: /etc/ssl/mongodb.pem
CAFile: /etc/ssl/mongodb-cert.crt
当我通过 mongo 客户端连接时,这工作正常.
mongo --ssl --host 10.x.x.x --port 10023 --sslCAFile mongodb-cert.crt --sslPEMKeyFile mongodb.pem
This works fine when i connect via mongo client.
mongo --ssl --host 10.x.x.x --port 10023 --sslCAFile mongodb-cert.crt --sslPEMKeyFile mongodb.pem
但是它用猫鼬抛出错误
var mongoose = require('mongoose');
var fs = require('fs');
var ca = fs.readFileSync("./mongodb-cert.crt");
var key = fs.readFileSync("./mongodb.pem");
var cert = fs.readFileSync("./mongodb-cert.crt");
mongoose.connect('mongodb://10.x.x.x:10023' + '/' + 'DBName' + '?ssl=true',
{
server: {
sslValidate: true,
sslCa: ca,
sslKey: key,
sslCert: cert
}
}
);
{ name: 'MongoError', message: '自签名证书' }
{ name: 'MongoError', message: 'self signed certificate' }
推荐答案
我猜你已经使用了 https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication - 我最好的猜测是你不应该指定 sslCA
使用自签名证书时的参数.
I guess you have used the procedure from https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication - my best guess is that you should NOT specify the sslCA
parameter when using a self-signed certificate.
sslCA
仅应在您指代颁发 sslCert
中指定的证书的证书颁发机构时使用.
sslCA
should only be used when you are referring to a Certificate Authority that issued the certificate specified in sslCert
.
这篇关于MongoDB - SSL 连接问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!