Hi, troubleshooting a migration test using mongomirror but misunderstanding the keystore requirements (rhel/centos)
I’ve generated a test authority as per: https://www.mongodb.com/docs/manual/appendix/security/appendixA-openssl-ca/
- SSL has been configured at each destination host, and
- connections are being opened OK (using mode allowSSL)
however for all destination nodes mongomirror is reporting
x509: certificate signed by unknown authority
detail
Error initializing mongomirror: could not initialize destination connection: could not connect to server: server selection error: server selection timeout, current topology: { Type: ReplicaSetNoPrimary, Servers: [{ Addr: <ip>:27017, Type: Unknown, Last error: connection() error occured during connection handshake: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "TestCertificateOrgName") }, { Addr: <ip>:27017, Type: Unknown, Last error: connection() error occured during connection handshake: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "TestCertificateOrgName") },
Because TLS connections are forming OK (mongod is reading and presenting PEMKeyFile and CAFile), however, it appears that mongomirror is not reading these. What I’m looking for (I think) is to be able to specify the keys as args for the destination nodes.
I appreciate this is partly due to not sending to mongo atlas; however, we do want to run this scenario where the destination is tls/ssl authenticated when using mongomirror.
(related subcomment: mongodb - Mongomirror from atlas to local replica setup - Stack Overflow)