Mongorestore error: "tls: private key does not match public key"

Hi,

I have set up a MongoDB sharded cluster on Debian 10, on port 28000, which is the mongos. I am trying to use mongodump and mongorestore and I am getting the error “error connecting to host: error configuring the connector: error configuring client, can't load client certificate: tls: private key does not match public key”.

The .pems I use are the same ones that I use successfully to connect from my Node.js app, mongosh and Compass. However, they don’t work with mongodump and mongorestore.

This is the command I use, for example for mongorestore:

mongorestore --drop --preserveUUID --maintainInsertionOrder --stopOnError --uri="mongodb://myserver.mydomain.com:28000" --ssl --sslPEMKeyFile="/player22/shared/ssl/cert-plus-key-decrypted.pem" --sslCAFile="/player22/shared/ssl/ca.pem" --username="backupUser" --password="<removed>" --authenticationDatabase="admin" --gzip --archive="toto.gz"

Do you know what is wrong? And what could cause the same keys to be refused by mongorestore, but accepted by the Node.js driver, mongosh and Compass?

Regards.

Edit: I have found this question with a similar issue, but no answer: https://stackoverflow.com/questions/66581250/getting-issue-while-taking-mongodump4-4

Edit: This is the mongos.conf I use to start the mongos instance. The SSL .pem files are the same ones that I use for mongodump/mongorestore, and that I use to connect successfully with other MongoDB clients. I also forgot to mention that I use the latest stable version of everything.

# ***** mongos.conf for mongos node *****
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# ***************************************
# + db node name: "node-mongos-mongos1"
# + creation date: "Sun 05 Dec 2021 08:26:48 AM UTC"
# ***************************************

# logging
systemLog:
    destination: file
    logAppend: true
    path: /player22/db/nodes/node-mongos-mongos1/log/mongos.log

# network interface
net:
    port: 28000
    bindIpAll: true

# how the process runs
processManagement:
    timeZoneInfo: /usr/share/zoneinfo

# authentication
security:
    keyFile: /player22/db/shared/config/mongodb.key

# sharding
sharding:
    configDB: rscfgsvr1/linode1.player22.com:28001

# profiling
operationProfiling:
    # the slow operation time threshold, in milliseconds. Operations that run for longer than this threshold are considered slow.
    slowOpThresholdMs: 100
    # the fraction of slow operations that should be profiled or logged. operationProfiling.slowOpSampleRate accepts values between 0 and 1, inclusive.
    slowOpSampleRate: 1

# ssl
net:
   tls:
      mode: requireTLS
      certificateKeyFile: /player22/shared/ssl/cert-plus-key-decrypted.pem # ssl enabled between server nodes
      CAFile: /player22/shared/ssl/ca.pem # server also requires certificate from client

I found out it’s a MongoDB bug. I’m no longer asking for an answer on the forum.
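Added example, not part of the thread: mongodump and mongorestore are written in Go, and the quoted message is the error Go's `tls.X509KeyPair` returns when the private key does not match the first CERTIFICATE block in its PEM input. The sketch below reports which certificate block in a combined PEM file actually pairs with the key, next to what `tls.X509KeyPair` says about the file as-is. The names `matchingCert` and `selfSigned` are hypothetical, the sample file is constructed, and the page does not say whether block order was the cause here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// matchingCert returns the index of the CERTIFICATE block that pairs with the
// private key in the same PEM (-1 if none) and tls.X509KeyPair's verdict on the file as-is.
func matchingCert(combined []byte) (int, error) {
	_, asIs := tls.X509KeyPair(combined, combined) // pairs the key with block 0 only
	certs, key := [][]byte{}, []byte(nil)
	for b, rest := pem.Decode(combined); b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "CERTIFICATE" {
			certs = append(certs, pem.EncodeToMemory(b))
		} else if strings.HasSuffix(b.Type, "PRIVATE KEY") {
			key = pem.EncodeToMemory(b)
		}
	}
	for i, c := range certs {
		if _, err := tls.X509KeyPair(c, key); err == nil {
			return i, asIs
		}
	}
	return -1, asIs
}

func selfSigned() (cert, key []byte) { // throwaway pair: constructed sample data
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &k.PublicKey, k)
	kd, _ := x509.MarshalPKCS8PrivateKey(k)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kd})
}

func main() {
	ca, _ := selfSigned()
	leaf, key := selfSigned() // constructed file: CA certificate first, then client cert and key
	fmt.Println(matchingCert(append(append(ca, leaf...), key...)))
}
```

A returned index other than 0 together with the mismatch error means the key's own certificate is present in the file but is not the first block.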
