Hi,
I have a springboot java microservice using mongodb driver v3.8.2 to connect to mongodb.
I have followed the mongodb documentation to setup ssl on the server using self signed certificates.
I first created a CA key and certificate pair and then a server key and certificate (with server ip as CN/SAN) usin the CA pair. Did the following settings in mongod.conf
net:
tls:
mode: requireTLS
certificateKeyFile: /home/Azureuser/mongodbselfsignedcert.pem
CAFile: /home/Azureuser/rootCA.pem
allowInvalidHostnames: true
I did the same on client side and created a client cert-key pair using the same CA.
I am able to connect over SSL to this server by specifying command line parameters --ssl --sslCAFile and --sslPEMKeyFile to e.g. a mongoexport and mongostat command that I tried from a client machine.
However, when I tried connecting through the Springboot app using recommended approach of setting up an SSL context and passing it to the MongoCLient instance, the connection never succeeds.
This is how the SSL COntext has been set
-----------------------------------------------------------------------------
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (InputStream in = new FileInputStream("C:\\Workspace\\Projects\\DOM-1\\MongoClientKeyCert.jks")) {
keystore.load(in, "p12345".toCharArray());
}
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, "p12345".toCharArray());
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
try (InputStream in = new FileInputStream("C:\\Workspace\\Projects\\DOM-1\\MongoRootKeyCert.jks")) {
trustStore.load(in, "changeit".toCharArray());
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
return sslContext;
--------------------------------------------------------
I correctly added both the client cert-key pair and the CA cert-key pair to these stores using openssl import command. Still the connection doesn’t work.
I also tried with the JVM System Properties as follows but no luck.
System.setProperty ("javax.net.ssl.trustStore","C:\\Workspace\\Projects\\DOM-1\\MongoRootKeyCert.jks");
System.setProperty ("javax.net.ssl.trustStorePassword","p12345");
System.setProperty ("javax.net.ssl.keyStore","C:\\Workspace\\Projects\\DOM-1\\MongoClientKeyCert.jks");
System.setProperty ("javax.net.ssl.keyStorePassword","p12345");
Any clue what could be going wrong ?
Since the command line connection over SSL is succeeding with the same set of certificates, I believe there is no issue with the certificates.
Thanks
Kalpesh