
MongoDB - SSL connection issues

OS version - Ubuntu 12.04
MongoDB version - 3.2.5
Mongoose version - 4.10.8

Steps to generate SSL certificate:

1. openssl req -newkey rsa:2048 -new -x509 -days 3650 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
2. cat mongodb-cert.key mongodb-cert.crt > mongodb.pem

Start mongo server

mongo.conf

    net:
      port: 10023
      bindIp: 10.x.x.x
      ssl:
        mode: allowSSL
        PEMKeyFile: /etc/ssl/mongodb.pem
        CAFile: /etc/ssl/mongodb-cert.crt

This works fine when I connect via mongo client.

    mongo --ssl --host 10.xxx --port 10023 --sslCAFile mongodb-cert.crt --sslPEMKeyFile mongodb.pem

But it throws an error with mongoose

    var mongoose = require('mongoose');
    var fs = require('fs');

    // Certificate and key files generated in the steps above
    var ca = fs.readFileSync("./mongodb-cert.crt");
    var key = fs.readFileSync("./mongodb.pem");
    var cert = fs.readFileSync("./mongodb-cert.crt");

    // Connect over SSL with server certificate validation enabled
    mongoose.connect('mongodb://10.x.x.x:10023' + '/' + 'DBName' + '?ssl=true',
        {
            server: {
                sslValidate: true,
                sslCa: ca,
                sslKey: key,
                sslCert: cert
            }
        }
    );

    { name: 'MongoError', message: 'self signed certificate' }

I guess you have used the procedure from https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication - my best guess is that you should NOT specify the sslCA parameter when using a self-signed certificate.

sslCA should only be used when you are referring to a Certificate Authority that issued the certificate specified in sslCert.
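
To see how a verifier treats the certificate produced by the two openssl steps in the question, the following added example (not part of the original question or answer) regenerates the pair in a temporary directory and checks whether it is self-signed, whether it verifies without and with itself as the CA file, and whether the key in mongodb.pem matches it. The subject name, the temporary directory and the function names are assumptions made for the example.

```shell
# Added example (not from the original post). The subject name and the
# temporary directory are constructed; function names are hypothetical.

# Steps 1 and 2 from the question; -subj only makes the command non-interactive.
make_cert() {
  openssl req -newkey rsa:2048 -new -x509 -days 3650 -nodes \
    -subj "/CN=mongo.example.test" \
    -out "$1/mongodb-cert.crt" -keyout "$1/mongodb-cert.key" 2>/dev/null &&
  cat "$1/mongodb-cert.key" "$1/mongodb-cert.crt" > "$1/mongodb.pem"
}

# Self-signed: the issuer name hashes to the same value as the subject name.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Verification against the default trust store only (no CA file supplied).
verify_default_trust() {
  openssl verify "$1" >/dev/null 2>&1
}

# Verification with the certificate itself supplied as the trust anchor.
verify_with_anchor() {
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# The private key in the combined PEM must belong to the certificate.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

demo() {
  dir=$(mktemp -d) || return 1
  make_cert "$dir" || { rm -rf "$dir"; return 1; }
  is_self_signed "$dir/mongodb-cert.crt" && echo "self-signed: yes"
  verify_default_trust "$dir/mongodb-cert.crt" || echo "default trust: rejected"
  verify_with_anchor "$dir/mongodb-cert.crt" && echo "own cert as CA: accepted"
  key_matches_cert "$dir/mongodb.pem" "$dir/mongodb-cert.crt" && echo "key/cert: match"
  rm -rf "$dir"
}
demo
```

The "default trust: rejected" case is the condition OpenSSL reports as "self signed certificate": the certificate is its own issuer and was not found among the trusted certificates the verifier was given.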
