堆栈内存溢出
  简体   繁体   English

转储 mongodb 错误:错误拨号 cluster0-shard-00-00.fklgt.mongodb.net:27017:SSL 错误:SSL 例程:ssl3_get_server_certificate:certificate

[英]Dumping mongodb error: error dialing cluster0-shard-00-00.fklgt.mongodb.net:27017: SSL errors: SSL routines:ssl3_get_server_certificate:certificate

 原文  2021-06-21 17:47:01       mongodb/ ssl/ mongoose/ mongodb-atlas/ mongodump

问题描述

I usually dump my mongodb database using this command and it works perfectly:我通常使用这个命令转储我的 mongodb 数据库,它工作得很好:

mongodump --uri mongodb+srv://name:password@cluster0.fklgt.mongodb.net/database_name --archive="dump-copy-name" --forceTableScan

However, I have been trying to dump different databases and it just keeps logging this:但是,我一直在尝试转储不同的数据库,它只是不断记录:

2021-06-21T18:43:39.206+0100 error dialing cluster0-shard-00-00.fklgt.mongodb.net:27017: SSL errors: SSL routines:ssl3_get_server_certificate:certificate verify failed 2021-06-21T18:43:39.206+0100 错误拨号 cluster0-shard-00-00.fklgt.mongodb.net:27017:SSL 错误:SSL 例程:ssl3_get_server_certificate:证书验证失败

Any idea what's going-on?知道发生了什么吗?

1 个解决方案

解决方案1
 1 已采纳  2021-06-22 00:47:29

The mongodump tool does not implicitly trust your system certificate store. mongodump 工具不会隐式信任您的系统证书存储。 You will need to pass it the root CA certificate so that it can validate the cluster's certificate.您需要将根 CA 证书传递给它,以便它可以验证集群的证书。

To find out which certificate is the root, use openssl:要找出哪个证书是根证书,请使用 openssl:

openssl s_client -connect cluster0-shard-00-00.fklgt.mongodb.net:27017

The output should include a certificate chain section like:输出应包括一个certificate chain部分,如:

---
Certificate chain
 0 s:/C=US/ST=New York/L=New York/O=MongoDB, Inc./CN=*.mongodb.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---

(this is an example, test with your cluster to get the real certificates) (这是一个例子,用你的集群测试以获得真正的证书)

The highest numbered certificate in the chain should be the root.链中编号最高的证书应该是根证书。 Once you have that, google for the CN part (in my example that was "DigiCert SHA2 Secure Server CA"), and you should find a link to download the certificate.一旦你有了它,谷歌搜索CN部分(在我的例子中是“DigiCert SHA2 Secure Server CA”),你应该找到一个下载证书的链接。

The root should be one of the two listed here: https://docs.atlas.mongodb.com/reference/faq/security/#hard-coded-certificate-authority根应该是此处列出的两个之一: https : //docs.atlas.mongodb.com/reference/faq/security/#hard-coded-certificate-authority

Once you have the root certificate in .pem format, use the command line option --sslCAFile=<filename> to pass it to mongodump.获得 .pem 格式的根证书后,使用命令行选项--sslCAFile=<filename>将其传递给 mongodump。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 找不到合适的服务器(设置了serverSelectionTryOnce):[TLS握手失败:错误:14090086:SSL例程:ssl3_get_server_certificate - No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate MongoNetworkError:第一次连接时无法连接到服务器 [cluster0-shard-00-02.aprzj.gcp.mongodb.net:27017] - MongoNetworkError: failed to connect to server [cluster0-shard-00-02.aprzj.gcp.mongodb.net:27017] on first connect Parse + mongodb + SSL:“没有同行提供的SSL证书” - Parse + mongodb + SSL: “no SSL certificate provided by peer” MongoDB 未启动,报告错误 SSL 证书尚未过期 - MongoDB not starting, reports error with SSL certificate that is not yet expired MongoDB SSL 与自签名证书的连接 - MongoDB SSL connection with self signed certificate 无法连接到 mongodb,ssl 错误,超时错误 - Unable to connect to mongodb, ssl error, timeout errors hapi-mongodb中的SSL CA证书详细信息 - SSL CA certificate details in hapi-mongodb 在 Julia 中使用 SSL 证书连接到 Mongodb - Connect to Mongodb using SSL certificate in Julia MongoDB SSL 副本设置问题 - 不支持的证书 - MongoDB SSL Replica setup issues - Unsupported Certificate MongoDB C#SSL客户端证书 - MongoDB C# SSL Client Certificate
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM