I have set up mongod to require TLS and I am using self-signed certificates. I can connect to the server with mongo shell, but the Compass connection fails with the very same certificates, unless I set tlsAllowInvalidCertificates in Compass under Advanced Connection Options / TLS/SSL.
The Compass error message is “certificate signature failure”. Mongod logs have “stream truncated” errors (see below).
This seems like a Compass bug to me since the very same certificates work with mongo shell. Mongo shell does not require setting --tlsAllowInvalidCertificates.
Client
- Win11 amd64
- Compass 1.32.5
- mongo shell v4.4.15 in WSL2 / Ubuntu 22.04.1
% mongo --version
MongoDB shell version v4.4.15
Build Info: {
    "version": "4.4.15",
    "gitVersion": "bc17cf2c788c5dda2801a090ea79da5ff7d5fac9",
    "openSSLVersion": "OpenSSL 1.1.1f 31 Mar 2020",
    "modules": [],
    "allocator": "tcmalloc",
    "environment": {
        "distmod": "ubuntu2004",
        "distarch": "x86_64",
        "target_arch": "x86_64"
    }
}
Server
- Linux / Ubuntu 22.04.1 LTS amd64
- Mongod v4.4.15
/etc/mongod.conf
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
  wiredTiger:
    engineConfig:
      cacheSizeGB: 2
# where to write logging data.
systemLog:
  destination: file
  logRotate: rename
  logAppend: false
  path: /var/log/mongodb/mongod.log
  verbosity: 2 # set for debugging
  quiet: true
# network interfaces
net:
  port: 27017
  bindIp: localhost,hostname.domain
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongod.pem
    disabledProtocols: TLS1_0,TLS1_1
    CAFile: /etc/ssl/certs/CA.pem
# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo
security:
  authorization: enabled
setParameter:
  honorSystemUmask: true
  disableJavaScriptJIT: false
/var/log/mongodb/mongod.log
{"t":{"$date":"2022-08-01T19:45:31.320+03:00"},"s":"D2", "c":"NETWORK", "id":22986, "ctx":"conn4","msg":"Session from remote encountered a network error during SourceMessage","attr":{"remote":"192.168.3.11:61260","error":{"code":9001,"codeName":"SocketException","errmsg":"stream truncated"}}}
{"t":{"$date":"2022-08-01T19:45:31.849+03:00"},"s":"D2", "c":"NETWORK", "id":22986, "ctx":"conn5","msg":"Session from remote encountered a network error during SourceMessage","attr":{"remote":"192.168.3.11:61261","error":{"code":9001,"codeName":"SocketException","errmsg":"stream truncated"}}}
{"t":{"$date":"2022-08-01T19:45:32.383+03:00"},"s":"D2", "c":"NETWORK", "id":22986, "ctx":"conn6","msg":"Session from remote encountered a network error during SourceMessage","attr":{"remote":"192.168.3.11:61262","error":{"code":9001,"codeName":"SocketException","errmsg":"stream truncated"}}}
{"t":{"$date":"2022-08-01T19:45:32.923+03:00"},"s":"D2", "c":"NETWORK", "id":22986, "ctx":"conn7","msg":"Session from remote encountered a network error during SourceMessage","attr":{"remote":"192.168.3.11:61264","error":{"code":9001,"codeName":"SocketException","errmsg":"stream truncated"}}}
{"t":{"$date":"2022-08-01T19:45:33.458+03:00"},"s":"D2", "c":"NETWORK", "id":22986, "ctx":"conn8","msg":"Session from remote encountered a network error during SourceMessage","attr":{"remote":"192.168.3.11:61265","error":{"code":9001,"codeName":"SocketException","errmsg":"stream truncated"}}}