Hello Everyone,
I have my MongoDB running in Docker in the Amazon Linux EC2 instance in AWS. It has the SSL/TLS Certificate as well. On the Server, I have to add the tlscertificate and CArootfile to open the mongodb.
First question: is it possible to add tls certificate in conf file and restart the mongodb? and if so, how can I add it? and What is the command to restart the mongodb to accept the tls certificate.? Sudo/systemctl doenst work in the docker
Second question: I was able to connect to MongoDB to my local MongoDB compass, Now I am trying to run it on my .NET Core application with those certificates, it doesnt work.
Here is my C# code to
string conn = @"mongodb://abcdef:1234667@ec2instance.compute.amazonaws.com:27017/?tls=true";
var clientSettings = MongoClientSettings.FromUrl(new MongoUrl(conn));
clientSettings.AllowInsecureTls = false;
clientSettings.UseTls = true;
SslSettings sslSettings = new SslSettings
{
EnabledSslProtocols = SslProtocols.Tls12,
ClientCertificates = new[] {
new X509Certificate(@"mongodb.pem"),
new X509Certificate(@"rootCA.crt"),
},
};
clientSettings.SslSettings = sslSettings;
MongoClient client = new MongoClient(clientSettings);
And the error I got is:
{"A timeout occurred after 30000ms selecting a server using CompositeServerSelector
{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector,
LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 }, OperationsCountServerSelector }.
Client view of cluster state is { ClusterId : \"1\", Type : \"Unknown\", State : \"Disconnected\", Servers : [{ ServerId: \"
{ ClusterId : 1, EndPoint : \"Unspecified/ec2-52-28-11-2.eu-central-1.compute.amazonaws.com:27017\" }\",
EndPoint: \"Unspecified/ec2-52-28-11-2.eu-central-1.compute.amazonaws.com:27017\", ReasonChanged: \"Heartbeat\",
State: \"Disconnected\", ServerVersion: , TopologyVersion: , Type: \"Unknown\",
HeartbeatException: \"MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server.\r\n
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain\r\n
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)\r\n
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)\r\n
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)\r\n
at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)\r\n
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)\r\n
at MongoDB.Driver.Core.Connections.SslStreamFactory.CreateStream(EndPoint endPoint, CancellationToken cancellationToken)\r\n
at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelper(CancellationToken cancellationToken)\r\n
--- End of inner exception stack trace ---\r\n
at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelper(CancellationToken cancellationToken)\r\n
at MongoDB.Driver.Core.Connections.BinaryConnection.Open(CancellationToken cancellationToken)\r\n
at MongoDB.Driver.Core.Servers.ServerMonitor.InitializeConnection(CancellationToken cancellationToken)\r\n
at MongoDB.Driver.Core.Servers.ServerMonitor.Heartbeat(CancellationToken cancellationToken)\",
LastHeartbeatTimestamp: \"2022-08-31T14.22.15.1629747Z\", LastUpdateTimestamp: \"2022-08-31T14.22.15.1629749Z\" }] }."}
Any suggestions??