I have set up a mongodb sharded cluster on debian 10 on the port 28000 which is the mongos. I am trying to use mongodump and mongorestore and I am getting the error “error connecting to host: error configuring the connector: error configuring client, can't load client certificate: tls: private key does not match public key”.
The .pems I use are the same that I use successfully to connect within my nodejs app, mongosh, compass. However, it doesn’t work with mongodump & mongorestore.
This is the command i use, for example for mongorestore:
Edit: This is the mongos.conf I use to start the mongos instance. The ssl .pem files are the same that I use for mongodump/mongorestore, and that I use to connect successfully with other mongodb clients. I also forgot to precise that I use the latest stable version of everything.
# ***** mongos.conf for mongos node *****
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# ***************************************
# + db node name: "node-mongos-mongos1"
# + creation date: "Sun 05 Dec 2021 08:26:48 AM UTC"
# ***************************************
# logging
systemLog:
destination: file
logAppend: true
path: /player22/db/nodes/node-mongos-mongos1/log/mongos.log
# network interface
net:
port: 28000
bindIpAll: true
# how the process runs
processManagement:
timeZoneInfo: /usr/share/zoneinfo
# authentication
security:
keyFile: /player22/db/shared/config/mongodb.key
# sharding
sharding:
configDB: rscfgsvr1/linode1.player22.com:28001
# profiling
operationProfiling:
# the slow operation time threshold, in milliseconds. Operations that run for longer than this threshold are considered slow.
slowOpThresholdMs: 100
# the fraction of slow operations that should be profiled or logged. operationProfiling.slowOpSampleRate accepts values between 0 and 1, inclusive.
slowOpSampleRate: 1
# ssl
net:
tls:
mode: requireTLS
certificateKeyFile: /player22/shared/ssl/cert-plus-key-decrypted.pem # ssl enabled between server nodes
CAFile: /player22/shared/ssl/ca.pem # server also requires certificate from client