[英]Dumping mongodb error: error dialing cluster0-shard-00-00.fklgt.mongodb.net:27017: SSL errors: SSL routines:ssl3_get_server_certificate:certificate
I usually dump my mongodb database using this command and it works perfectly:我通常使用这个命令转储我的 mongodb 数据库,它工作得很好:
mongodump --uri mongodb+srv://name:password@cluster0.fklgt.mongodb.net/database_name --archive="dump-copy-name" --forceTableScan
However, I have been trying to dump different databases and it just keeps logging this:但是,我一直在尝试转储不同的数据库,它只是不断记录:
2021-06-21T18:43:39.206+0100 error dialing cluster0-shard-00-00.fklgt.mongodb.net:27017: SSL errors: SSL routines:ssl3_get_server_certificate:certificate verify failed
2021-06-21T18:43:39.206+0100 错误拨号 cluster0-shard-00-00.fklgt.mongodb.net:27017:SSL 错误:SSL 例程:ssl3_get_server_certificate:证书验证失败
Any idea what's going-on?知道发生了什么吗?
The mongodump tool does not implicitly trust your system certificate store. mongodump 工具不会隐式信任您的系统证书存储。 You will need to pass it the root CA certificate so that it can validate the cluster's certificate.
您需要将根 CA 证书传递给它,以便它可以验证集群的证书。
To find out which certificate is the root, use openssl:要找出哪个证书是根证书,请使用 openssl:
openssl s_client -connect cluster0-shard-00-00.fklgt.mongodb.net:27017
The output should include a certificate chain
section like:输出应包括一个
certificate chain
部分,如:
---
Certificate chain
0 s:/C=US/ST=New York/L=New York/O=MongoDB, Inc./CN=*.mongodb.com
i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
(this is an example, test with your cluster to get the real certificates) (这是一个例子,用你的集群测试以获得真正的证书)
The highest numbered certificate in the chain should be the root.链中编号最高的证书应该是根证书。 Once you have that, google for the
CN
part (in my example that was "DigiCert SHA2 Secure Server CA"), and you should find a link to download the certificate.一旦你有了它,谷歌搜索
CN
部分(在我的例子中是“DigiCert SHA2 Secure Server CA”),你应该找到一个下载证书的链接。
The root should be one of the two listed here: https://docs.atlas.mongodb.com/reference/faq/security/#hard-coded-certificate-authority根应该是此处列出的两个之一: https : //docs.atlas.mongodb.com/reference/faq/security/#hard-coded-certificate-authority
Once you have the root certificate in .pem format, use the command line option --sslCAFile=<filename>
to pass it to mongodump.获得 .pem 格式的根证书后,使用命令行选项
--sslCAFile=<filename>
将其传递给 mongodump。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.