Certificate Error on Startup

Hello Guys,

For 3 days I have been fighting with a TLS setup for my MongoDB setup. I am running a mongo 7 Docker image on my Windows PC for local development and want to get a running setup for production deployment later.

My problem is that I have set up a private key and certificate for MongoDB itself and created a CA on top.

I have tried many variations of permissions, but not a single one of my tries seems to work for me.

I get the following 3 lines in the MongoDB log files before the Docker container stops working.

{"t":{"$date":"2023-09-07T20:47:52.530+00:00"},"s":"I",  "c":"CONTROL",  "id":20698,   "ctx":"main","msg":"***** SERVER RESTARTED *****"}
{"t":{"$date":"2023-09-07T20:47:52.534+00:00"},"s":"E",  "c":"NETWORK",  "id":23251,   "ctx":"main","msg":"Cannot read PEM key","attr":{"keyFile":"/certificates/mongodb-cert.pem","error":"error:00000000:lib(0)::reason(0)"}}
{"t":{"$date":"2023-09-07T20:47:52.535+00:00"},"s":"F",  "c":"CONTROL",  "id":20574,   "ctx":"main","msg":"Error during global initialization","attr":{"error":{"code":140,"codeName":"InvalidSSLConfiguration","errmsg":"Can not set up PEM key file."}}}

Is there anyone who can help me with a working solution?

This is my mongo.conf:

security:
  authorization: enabled
  keyFile: /certificates/mongodb-key.pem  # Path to your private key
  clusterAuthMode: x509

net:
  port: 27017
  bindIp: 0.0.0.0

  tls:
    mode: requireTLS
    certificateKeyFile: /certificates/mongodb-cert.pem  # Path to your certificate
    certificateKeyFilePassword: "secret"
    CAFile: /certificates/ca-cert.pem

systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
  logAppend: true

And here is the docker-compose.json:

version: "3.8"

services:
  node_1:
    hostname: node_1
    container_name: mongodb_node_1
    image: mongo:7
    restart: no
    expose:
      - 27017
    ports:
      - "27010:27017"
    networks:
     - private
    user: "mongodb"
    environment:
      - "MONGO_INITDB_ROOT_USERNAME=admin"
      - "MONGO_INITDB_ROOT_PASSWORD=secret"
    volumes:
      - .\node_1:/data/db
      - .\node_1_logs:/var/log/mongodb
      - .\mongod.conf:/etc/mongod.conf:ro
      - .\ca:/certificates
    #entrypoint: [ "/usr/bin/mongod", "--config", "/etc/mongod.conf" ]
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_network"

      - "traefik.tcp.routers.mongo-n1.rule=HostSNI(`mongo-n1.domain.local`)"
      - "traefik.tcp.routers.mongo-n1.entrypoints=mongo"
      - "traefik.tcp.routers.mongo-n1.service=mongo-n1"
      - "traefik.tcp.services.mongo-n1.loadbalancer.server.port=27017"
      - "traefik.tcp.routers.mongo-n1.tls.passthrough=true"

networks:
  private:
    external: true
    name: traefik_network

And this is the way I’ve created my self-signed certificates:

# Generate Certificate
openssl req -x509 -newkey rsa:4096 -keyout /certificates/mongodb-key.pem -out /certificates/mongodb-cert.pem -days 365 -subj "$KGP" -passout "pass:$PW"

# Generate CA
openssl genpkey -algorithm RSA -out /certificates/ca-key.pem
openssl req -new -x509 -key /certificates/ca-key.pem -out /certificates/ca-cert.pem -subj "$KGP"

# Change Permissions
chown mongodb:mongodb /certificates/*.pem
chmod 400 /certificates/*.pem

I hope you guys can help me.
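
The "Cannot read PEM key" log entry names the file configured as `certificateKeyFile`, and mongod expects that one PEM file to contain both the certificate and its private key. The following preflight check is an added example, not part of the original post or of MongoDB's tooling; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether a PEM file holds
# both blocks mongod reads from net.tls.certificateKeyFile.

# Count PEM BEGIN lines whose label matches the extended regex in $2.
# CRs are stripped so files saved with Windows line endings still match.
pem_count() {
    tr -d '\r' < "$1" | grep -Ec "^-----BEGIN ($2)-----\$" || true
}

# Returns 0 if $1 has a certificate and a private key, 1 if either block is
# missing, 2 if the file cannot be read by the current user.
check_cert_key_file() {
    [ -r "$1" ] || { echo "$1: not readable by this user"; return 2; }
    certs=$(pem_count "$1" 'CERTIFICATE')
    keys=$(pem_count "$1" '(RSA |EC |ENCRYPTED )?PRIVATE KEY')
    if [ "$certs" -gt 0 ] && [ "$keys" -gt 0 ]; then
        echo "$1: ok ($certs certificate(s), $keys private key(s))"
        if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"; then
            echo "$1: key is encrypted, certificateKeyFilePassword is required"
        fi
        return 0
    fi
    [ "$keys" -gt 0 ] || echo "$1: no private key block"
    [ "$certs" -gt 0 ] || echo "$1: no certificate block"
    return 1
}

# Constructed sample files (placeholder bodies, not real key material).
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
        '-----END CERTIFICATE-----' > "$d/cert-only.pem"
    { cat "$d/cert-only.pem"
      printf '%s\r\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
          '-----END ENCRYPTED PRIVATE KEY-----'
    } > "$d/combined.pem"
    echo "$d"
}

samples=$(make_samples)
check_cert_key_file "$samples/cert-only.pem" || true   # certificate only
check_cert_key_file "$samples/combined.pem"            # certificate + key
```

The check only looks at PEM block labels; it does not verify that the key belongs to the certificate or that the certificate chains to the file given as `CAFile`.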