Unable to force clusterAuthMode: sendKeyFile between nodes

Hi all, I’m new to this community; I hope I created this topic in the right category.

I recently needed to deploy a 3-node ReplicaSet and my configuration file is something like this:


    net:
      port: XXXXX
      bindIp: XXXXX
      tls:
        mode: requireTLS
        certificateKeyFile: /mongo/tls/mongo01.pem
        CAFile: /mongo/tls/ca.pem
        allowConnectionsWithoutCertificates: true
        disabledProtocols: TLS1_0,TLS1_1

    security:
      authorization: enabled
      keyFile: /mongo/tls/member.key
      authenticationMechanisms: [SCRAM-SHA-1,SCRAM-SHA-256]
      clusterAuthMode: keyFile



I have also created a mongo0X.pem file for every server, as you can see in the certificateKeyFile flag, each signed by the same internal root CA (ca.pem file).

When I try to start my mongod instances, despite the presence of ‘clusterAuthMode: keyFile’ (which I supposed should force in some way the usage of the keyfile ONLY), the servers still check each other’s certificates (which I only want to be used by clients to verify the servers’ identities).
This procedure fails because I did not insert the ‘TLS Web Client Authentication’ setting in the certificate itself (returning an SSL invalid certificate purpose).

So my question is, why does MongoDB try to validate the “between servers” certificates even though I told it not to?
What am I doing wrong/misunderstanding?

Any help is appreciated. :slight_smile:

No one can help me? If more specifications are needed let me know.
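
The "invalid certificate purpose" failure described in the post can be reproduced and checked offline with OpenSSL, where 'TLS Web Client Authentication' is the display name of the `clientAuth` extended key usage. This is an added example, not part of the original post: the CA and certificates are constructed throwaways, and the function names `make_ca`, `make_cert` and `check_purposes` are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway CA and member certificates, nothing from the post's hosts.

# make_ca DIR: create ca.pem / ca.key without relying on the system openssl.cnf.
make_ca() {
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3ca' '[dn]' \
    '[v3ca]' 'basicConstraints=critical,CA:TRUE' > "$d/openssl.cnf"
  openssl req -x509 -config "$d/openssl.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj '/CN=Constructed Test CA' -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
}

# make_cert DIR NAME EKU: issue NAME.pem carrying the given extendedKeyUsage value.
make_cert() {
  local d=$1 name=$2 eku=$3
  openssl req -new -config "$d/openssl.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$name.example.internal" -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
  printf 'extendedKeyUsage=%s\n' "$eku" > "$d/$name.ext"
  openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/$name.ext" -out "$d/$name.pem" 2>/dev/null
}

# check_purposes CA CERT: does CERT verify as a TLS server and as a TLS client?
# On a real node: check_purposes /mongo/tls/ca.pem /mongo/tls/mongo01.pem
check_purposes() {
  local ca=$1 cert=$2 p out=''
  for p in sslserver sslclient; do
    if openssl verify -CAfile "$ca" -purpose "$p" "$cert" >/dev/null 2>&1; then
      out="$out $p=ok"
    else
      out="$out $p=FAIL"
    fi
  done
  printf '%s\n' "${out# }"
}

demo() {
  local d; d=$(mktemp -d)
  make_ca "$d"
  make_cert "$d" server-only serverAuth            # like the certificates in the post
  make_cert "$d" dual serverAuth,clientAuth        # usable on both sides of a connection
  echo "server-only: $(check_purposes "$d/ca.pem" "$d/server-only.pem")"
  echo "dual:        $(check_purposes "$d/ca.pem" "$d/dual.pem")"
  rm -rf "$d"
}
demo
```

A certificate that reports `sslclient=FAIL` will be rejected by any peer that validates it as a client certificate, which matches the error quoted in the post.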