Mongo Gandi SSL certificate not trusted
I have a problem with MongoDB in SSL mode. When I try to connect to my database, I get this error.
mongo --ssl --sslCAFile /etc/ssl/certs/GandiStandardSSLCA2.pem --host plip.plop.com
MongoDB shell version: 3.0.6
connecting to: plip.plop.com:27017/test
2015-10-16T10:24:23.122+0000 E NETWORK SSL peer certificate validation failed:certificate not trusted
2015-10-16T10:24:23.126+0000 E QUERY Error: socket exception [CONNECT_ERROR] for
at connect (src/mongo/shell/mongo.js:181:14)
at (connect):1:6 at src/mongo/shell/mongo.js:181
My server's response:
2015-10-16T10:26:53.034+0000 I NETWORK [initandlisten] connection accepted from 172.17.0.227:48786 #1 (1 connection now open)
2015-10-16T10:26:53.046+0000 W NETWORK [conn1] no SSL certificate provided by peer
2015-10-16T10:26:53.046+0000 I NETWORK [conn1] end connection 172.17.0.227:48786 (0 connections now open)
(I can connect to my database if I use the flag --sslAllowInvalidCertificates.)
So now, what I did:
I added the SSL certificate as follows:
cp wildcart.plop.com.crt /etc/ssl/certs/wildcart.plop.com.crt
cp wildcart.plop.com.key /etc/ssl/private/wildcart.plop.com.key
cp GandiStandardSSLCA2.pem /usr/local/share/ca-certificates/gandi.net/GandiStandardSSLCA2.crt # comes from https://wiki.gandi.net/en/ssl/intermediate
cat /etc/ssl/private/wildcart.plop.com.key /etc/ssl/certs/wildcart.plop.com.crt > /etc/ssl/certs/mongodb.pem
rm /etc/ssl/private/wildcart.plop.com.key /etc/ssl/certs/wildcart.plop.com.crt
update-ca-certificates
c_rehash
And my MongoDB is started with this line: mongod --replSet plop --config /etc/mongodb/mongod
Content of /etc/mongodb/mongod:
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/certs/mongodb.pem
    CAFile: /etc/ssl/certs/GandiStandardSSLCA2.pem
    allowConnectionsWithoutCertificates: true
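So can you help me with this problem? I don't understand why my certificate is not trusted. Do you have any idea?
Thanks in advance for your help.
PS: Sorry for my English, I'm not completely fluent in English :D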
http://dba.stackexchange.com/questions/80859/issues-with-self-signed-certificates-ssl-and-mongodb – Vaulstein
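That's not exactly the same case. I don't want to authenticate clients with a certificate. For now, I don't use any password or key for the client. I just want to connect to mongo over SSL. – David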
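A check related to the question above, as an added example that is not part of the original post or comments: it builds a throwaway root, intermediate and server certificate and tests which CA file OpenSSL accepts for validating the server certificate. All names (Constructed Root, db.example.test, the helper functions) are constructed for illustration; whether this is the cause of the error in the question is not established by the page.

```bash
# Added example with a constructed throwaway PKI, not the certificates from the question.

# issue DIR NAME CN ISSUER SECTION: create key + CSR, sign with ISSUER's key.
issue() {
  openssl req -new -config "$1/o.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -days 2 -extfile "$1/o.cnf" -extensions "$5" -out "$1/$2.pem"
}

# Build root -> intermediate -> server certificates in directory $1.
make_chain() {
  cat > "$1/o.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  openssl req -x509 -config "$1/o.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj '/CN=Constructed Root' -keyout "$1/root.key" -out "$1/root.pem" &&
  issue "$1" inter 'Constructed Intermediate' root ca &&
  issue "$1" server 'db.example.test' inter leaf
}

# verify_with CAFILE CERT: true only if OpenSSL reports the chain as OK.
# By default the chain must end in a self-signed root present in CAFILE.
verify_with() { openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'; }

demo() {
  local d a=FAIL b=FAIL
  d=$(mktemp -d) || return 1
  make_chain "$d" >/dev/null 2>&1 || { rm -rf "$d"; return 1; }
  cat "$d/inter.pem" "$d/root.pem" > "$d/bundle.pem"
  # CA file holding only the intermediate, as with a file taken from a CA's "intermediate" page.
  verify_with "$d/inter.pem" "$d/server.pem" && a=OK
  # CA file holding the intermediate plus the root that signed it.
  verify_with "$d/bundle.pem" "$d/server.pem" && b=OK
  rm -rf "$d"
  echo "intermediate-only=$a intermediate+root=$b"
}

demo
```

The same `openssl verify -CAfile <file> <certificate>` call can be pointed at the real CA file and the certificate portion of the server's PEM file.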