[英]MongoDB - SSL connection issues
OS version - ubuntu 12.04 作业系统版本-Ubuntu 12.04
MongoDB version - 3.2.5 MongoDB版本-3.2.5
Mongoose version - 4.10.8 猫鼬版本-4.10.8
Steps to generate SSL certificate: 生成SSL证书的步骤:
1. openssl req -newkey rsa:2048 -new -x509 -days 3650 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key 1. openssl req -newkey rsa:2048 -new -x509 -days 3650 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
2. cat mongodb-cert.key mongodb-cert.crt > mongodb.pem 2. cat mongodb-cert.key mongodb-cert.crt> mongodb.pem
Start mongo server 启动mongo服务器
mongo.conf mongo.conf
net:
port: 10023
bindIp: 10.x.x.x
ssl:
mode: allowSSL
PEMKeyFile: /etc/ssl/mongodb.pem
CAFile: /etc/ssl/mongodb-cert.crt
This works fine when i connect via mongo client. 当我通过mongo客户端连接时,此方法工作正常。
mongo --ssl --host 10.xxx --port 10023 --sslCAFile mongodb-cert.crt --sslPEMKeyFile mongodb.pem mongo --ssl-主机10.xxx-端口10023 --sslCAFile mongodb-cert.crt --sslPEMKeyFile mongodb.pem
But it throws error with mongoose 但是它会导致猫鼬错误
var mongoose = require('mongoose');
var fs = require('fs');
var ca = fs.readFileSync("./mongodb-cert.crt");
var key = fs.readFileSync("./mongodb.pem");
var cert = fs.readFileSync("./mongodb-cert.crt");
mongoose.connect('mongodb://10.x.x.x:10023' + '/' + 'DBName' + '?ssl=true',
{
server: {
sslValidate: true,
sslCa: ca,
sslKey: key,
sslCert: cert
}
}
);
{ name: 'MongoError', message: 'self signed certificate' } {名称:'MongoError',消息:'自签名证书'}
I guess you have used the procedure from https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication - my best guess is that you should NOT specify the sslCA
parameter when using a self-signed certificate. 我猜您已经使用了https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication中的过程-我的最佳猜测是,在使用自签名证书时,您不应该指定sslCA
参数。
sslCA
should only be used when you are referring to a Certificate Authority that issued the certificate specified in sslCert
. sslCA
当你指的是发行中规定的证书认证机构,才应使用sslCert
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.