We’ve enabled TLS certificate in mongod instance. When connecting through mongosh… we’re using tls specific parameters (like tls, tlsAllowInvalidHostnames, tlsCAFile, tlsCertificateKeyFile) and the connectivity is getting established as expected. Usage of tlsAllowInvalidHostnames helps us skip hostname check (as we run mongod in Kubernetes cluster and there is a conflict with hostname) but still we want to continue validating TLS certificate.
Whereas when we use the same connectiion string with other utilities (like mongoexport), we get below error:
WARNING: ignoring unsupported URI parameter ‘tlsallowinvalidhostnames’
tls: failed to verify certificate: x509: cannot validate certificate for xx.xx.xx.xx because it doesn’t contain any IP SANs
Upon further exploration, I observed the only option was to use tlsInsecure which would bypass both server certificate chain and host name validation. If there is an alternative to only skip host name check, please advise.
Thanks.