Cannot connect to MongoDB in docker after enabling TLS

I’m working on a test environment with the mongo image in Docker Desktop. I need to configure TLS with a self-signed certificate.

I generated a PEM certificate and updated the mongo configuration file (see below). The service started successfully, but clients cannot connect to it (a test .NET client, Mongo Compass).

The .NET client gets the following error:

System.TimeoutException: 'A timeout occurred after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 }, OperationsCountServerSelector }. Client view of cluster state is { ClusterId : “1”, DirectConnection : “True”, Type : “Standalone”, State : “Disconnected”, Servers : [{ ServerId: “{ ClusterId : 1, EndPoint : “192.168.2.11:27017” }”, EndPoint: “192.168.2.11:27017”, ReasonChanged: “Heartbeat”, State: “Disconnected”, ServerVersion: , TopologyVersion: , Type: “Unknown”, HeartbeatException: "MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server.

Mongo image log contains many similar lines. See a short extract below:

{"t":{"$date":"2022-07-22T20:08:42.422+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.19.0.1:56814","uuid":"43a121aa-a251-4a5b-b02e-550e251ec477","connectionId":1,"connectionCount":1}}
{"t":{"$date":"2022-07-22T20:08:42.422+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.19.0.1:56812","uuid":"d3ca9390-5353-4ae3-8ab0-e4bd77a37b79","connectionId":2,"connectionCount":2}}
{"t":{"$date":"2022-07-22T20:08:42.487+00:00"},"s":"I",  "c":"NETWORK",  "id":22944,   "ctx":"conn2","msg":"Connection ended","attr":{"remote":"172.19.0.1:56812","uuid":"d3ca9390-5353-4ae3-8ab0-e4bd77a37b79","connectionId":2,"connectionCount":1}}
{"t":{"$date":"2022-07-22T20:08:42.487+00:00"},"s":"I",  "c":"NETWORK",  "id":22944,   "ctx":"conn1","msg":"Connection ended","attr":{"remote":"172.19.0.1:56814","uuid":"43a121aa-a251-4a5b-b02e-550e251ec477","connectionId":1,"connectionCount":0}}
{"t":{"$date":"2022-07-22T20:08:43.018+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.19.0.1:56816","uuid":"6cb73ff5-f2ce-4af2-b3ba-7767b66926a3","connectionId":3,"connectionCount":1}}
{"t":{"$date":"2022-07-22T20:08:43.024+00:00"},"s":"I",  "c":"NETWORK",  "id":22944,   "ctx":"conn3","msg":"Connection ended","attr":{"remote":"172.19.0.1:56816","uuid":"6cb73ff5-f2ce-4af2-b3ba-7767b66926a3","connectionId":3,"connectionCount":0}}

mongod.yaml

net:
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/mongo/cert/pub and priv keys.pem
    certificateKeyFilePassword: 1
    disabledProtocols: TLS1_0,TLS1_1

docker-compose.yaml

version: "3.1"

services:
  my-mongo:
    image: mongo:latest
    command: "--config /etc/mongo/conf/mongod.yaml"
    restart: always
    container_name: mongo
    hostname: mongo_host
    ports:
      - "27017:27017"
      - "8080:80"
    environment:
      MONGO_INITDB_ROOT_USERNAME: oleksiiroot
      MONGO_INITDB_ROOT_PASSWORD: password
    volumes:
      - "./volumes/mongo/config/:/etc/mongo/conf/"
      - "./volumes/mongo/cert/:/etc/mongo/cert/"
      - "./volumes/mongo/data/:/data/db/"

.NET app source code (MongoUrlBuilder)

var urlBuilder = new MongoUrlBuilder();
urlBuilder.ApplicationName = "my-app-name";
urlBuilder.DirectConnection = true;
urlBuilder.Scheme = ConnectionStringScheme.MongoDB;
urlBuilder.Server = new MongoServerAddress("192.168.2.11", 27017);
urlBuilder.Username = "oleksiiroot";
urlBuilder.Password = "password";
urlBuilder.UseTls = true;
urlBuilder.TlsDisableCertificateRevocationCheck = true; 

I finally got it working.

I had to set AllowInsecureTls to true and remove the line of code that sets TlsDisableCertificateRevocationCheck to true in the .NET app.

MongoDB Compass connected after ticking the “tlsInsecure” check box.
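
AllowInsecureTls and the tlsInsecure option in Compass turn off server certificate validation, so the connection is encrypted but the server's identity is not checked. As an added example (not code from the posts above, and going one step beyond the fix they describe), the same client settings with validation left on and only the one self-signed certificate accepted by its SHA-256 fingerprint; the class name, the fingerprint placeholder and the "admin" authentication database are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;

// Added example; PinnedMongoClient and PinnedSha256 are hypothetical names.
public static class PinnedMongoClient
{
    // Placeholder: SHA-256 fingerprint of the server certificate inside the
    // PEM file that mongod loads via certificateKeyFile (hex, colons allowed).
    private const string PinnedSha256 = "<SHA256-FINGERPRINT-OF-SERVER-CERT>";

    // True only when the presented certificate hashes to the pinned value.
    public static bool IsPinned(X509Certificate certificate, string pinnedSha256)
    {
        if (certificate == null) return false;
        using (var sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
            string actual = BitConverter.ToString(hash).Replace("-", "");
            string expected = pinnedSha256.Replace(":", "").Trim();
            return string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase);
        }
    }

    public static MongoClient Create()
    {
        var settings = new MongoClientSettings
        {
            ApplicationName = "my-app-name",
            DirectConnection = true,
            Server = new MongoServerAddress("192.168.2.11", 27017),
            // Assumption: the root user authenticates against "admin".
            Credential = MongoCredential.CreateCredential("admin", "oleksiiroot", "password"),
            UseTls = true,
            AllowInsecureTls = false, // keep certificate validation enabled
            SslSettings = new SslSettings
            {
                // Accept a chain the OS already trusts, or exactly the pinned
                // self-signed certificate; reject everything else.
                ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
                    errors == SslPolicyErrors.None || IsPinned(cert, PinnedSha256)
            }
        };
        return new MongoClient(settings);
    }
}
```

The fingerprint can be read from the certificate with `openssl x509 -in <cert.pem> -noout -fingerprint -sha256`.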