MongoDB connection URI for SSL

Hi, I’m new to this community. Not sure if posting such a big description is okay. So here I go:

I’m working on JDK8 and using mongo-java-driver(v3.5.0) to connect MongoDB(v3.6.3) .

I’ve enabled SSL by following this article. I don’t have /etc/mongod.conf file, instead I’ve /etc/mongodb.conf file; so I’ve updated the SSL settings in that file:

# SSL options
# Enable SSL on normal ports
sslOnNormalPorts = true
# SSL Key file and password
sslPEMKeyFile = /etc/ssl/mongodb.pem
sslPEMKeyPassword = PASSWORD

I’m able to access mongo via mongo shell using:

mongo --ssl --sslCAFile /etc/ssl/rootCA.pem --sslPEMKeyFile /etc/ssl/mongodb.pem --host localhost

I want to connect MongoDB using Java driver. I initially tried the following JDBC connection string:

mongodb://USER:PASSWORD@localhost:27017/?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=/etc/ssl/mongodb.pem

but as per documentation, there are no such options available. Also, I get error:

The connection string contains an invalid host 'localhost:27017/?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=/etc/ssl'. The port '27017/?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=/etc/ssl' is not a valid, it must be an integer between 0 and 65535

And when I try with the following connection string:

url=mongodb://USER:PASSWORD@localhost:27017/?ssl=true

I get following error:

com.mongodb.MongoSocketWriteException: Exception sending message
    at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:445) ~[mongo-java-driver-3.5.0.jar:?]
.
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
.
...

Could someone help me with what JDBC connection string I need to configure to connect successfully. Thank you.

Hi @Jitin_Dominic

Have you had a look at the Enable TLS/SSL on a Connection documentation? It should explain the basics of setting up a TLS connection to MongoDB from a Java application.

Regards,
Jeff

@Jeffrey_Yemin

The documentation that you’ve shared is related to v4.7. And I’m using v3.6, so I’ve followed the this documentation

There is Java driver-specific TLS docs for 3.6 at TLS/SSL. As all the configuration is delegate to the JVM, it hasn’t really changed since then.

@Jeffrey_Yemin
Sorry, I was out for couple of weeks. So I setup a MongoDB v4.4. Tried with new Java driver v3.12.11. Updated my connection URI to mongodb://localhost:27017/?ssl=true&tlsCertificateKeyFile=/etc/ssl/mongodb.pem&tlsCAFile=/etc/ssl/rootCA.pem

Also imported pem files using keytool but I still get the same error.