Have generated the valid certificates from DigiCerts (CA file and the pem file) . PEM file is the combination of private key and server certificate. but somehow the mongo shell is not working with these certificates.
Here is the setup: The environment :
what we have
Mongo server : Ubuntu 16.04 , mongo version : 4.0.10
have configured the /etc/mongod.conf
file as well. mentioned the path of the Pem file and CA file correctly. the CN name matches the hostname and is exactly the same.
what is the issue
but now when i run the following mongo command , it fails
root@m1:/home/administrator# mongo --port 27017 --ssl --host m1.com –-sslPEMKeyFile /etc/pemfile.pem –-sslCAFile /etc/cafile.pem
MongoDB shell version v4.0.13 connecting to: mongodb://m1.com:27017/%E2%80%93-sslPEMKeyFile?gssapiServiceName=mongodb 2019-12-05T06:50:31.195-0500 I NETWORK [js] DBClientConnection failed to receive message from m1.com:27017 - SocketException: short read 2019-12-05T06:50:31.195-0500 E QUERY [js] Error: network error while attempting to run command 'isMaster' on host 'm1.com:27017' : connect@src/mongo/shell/mongo.js:344:17 @(connect):2:6 exception: connect failed root@m1:/home/administrator#
the current server is primary/master server i guess.
please suggest
Finally found the solution on this. The actual issue was , not having Trusted root certificate in the CA file. CA file was having just DigiCert CA certificate but TrustedRoot certificate was missing.
The moment i added the certificate , it started working. Thanks.