Confused about X.509 authentication

Robert_Alexander · April 27, 2023, 7:12pm

Hello, I am trying the free tier of MongoDB Atlas.

In the Security->Database Access panel I have generated a mema_admin user with a X.509 certificate that I have downloaded on my local machine.

On this machine I am trying to connect to Atlas via the MongoDB Compass client.

In the Database Deployments I press the Connect button of my database and click on the Compass button (which I already have and use to access my own on-prem databases) and copy the (user_passowrd based) connection string.

On my local Compass I create a new connection and paste the connection string, then in the Authentication method choose X.509 and in the TLS/SSL tab I choose the X.509 certificate I have generated in the first step above, but when I click connect I get a red error box “A Client Certificate is required with with X509 authentication.”

What am I doing wrong? Thanks a lot

Jason_Tran · April 28, 2023, 1:55am

Hi @Robert_Alexander,

The steps you’ve mentioned appear correct based off my interpretation.

Did you select the .PEM file that was downloaded for the X.509 user created in Atlas? You’ll need to select this file from the below highlighted box:

It should look like the following after selecting the file:

Regards,
Jason

Robert_Alexander · April 28, 2023, 4:48am

Thanks @Jason, that’s exactly what I do but when I click connect I get the error.

Jason_Tran · April 28, 2023, 4:55am

Hey Robert - Thanks for confirming.

Could you clarify the steps exactly taken so that I can replicate the error? In addition to that, can you provide the Compass version in use?

Seems quite odd that you’re getting this error if you’re supplying the certificate.

Regards,
Jason

Jason_Tran · April 28, 2023, 5:01am

I tried to see what could have caused the error but couldn’t get the exact same error.

I tried the following:

Editing the .PEM file
Choosing a different file

But both of these provided different errors to what you had received.

Could you also send a screenshot similar to the ones I have provided for the TLS/SSL screen (Please redact any personal or sensitive information before posting here).

Robert_Alexander · April 28, 2023, 5:04am

Hi Jason thanks a lot.

Compass is 1.36.4 running on Mac OS 13.3.1 on an M1 chip.

So this is my database users certificates (I have two now because of tests)

I use the DB Connect button to generate the connection string which I paste into Compass

then ask for X.509

and finally select one of the certs I have generated and downloaded

I tried accessing with userid/password and that works well as expected.

Jason_Tran · April 28, 2023, 5:40am

In your TLS/SSL screenshot, you have chosen the file for Certificate Authority (.pem). Is there an option available for you under that called Client Certificate and Key (.pem)?

You’ll need to select the file for Client Certificate and Key (.pem)

Example:

Perhaps you may need to scroll down a bit although this is just a guess.

Robert_Alexander · April 28, 2023, 6:51am

There we go! Scrolling solved the mistery! Thanks a lot!!!

Jason_Tran · April 28, 2023, 6:52am

Glad to hear Robert thanks for marking the solution + updating the post with confirmation!

system · May 3, 2023, 6:53am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.