We have created CA, intermediate CA and then a signed certificate with all the necessary requirement in mongodb website.
We want to use x509 authentication. Currently we can only work with TLS using allowInvalidCertificates optins, and we are not sure what is the implication.
Enabling the CAFile option, also cause errors with connecting between replicas with errors complaining about using self sign.
- Valid certifications - Do they have to be “paid”? We do not need third party to verify since we are only connected between our own servers. What constitude “invalid”?
- unable to get local issuer certificate error - please provide clearer explanation
- No SSL certificate provided by peer error - please provide clearer explanation
- SSL peer certificate validation failed: unsupported certificate purpose error - please provide clearer explanation
Hopefully, this post can generate enough official replies for different errors return so we can better set up tls connections between replicas.