MongoDB connection URI for SSL - mongodb

I'm working on JDK8 and using mongo-java-driver(v3.5.0) to connect MongoDB(v3.6.3).
I've enabled SSL by following this article. I don't have /etc/mongod.conf file, instead I've /etc/mongodb.conf file; so I've updated the SSL settings in that file:
# SSL options
# Enable SSL on normal ports
sslOnNormalPorts = true
# SSL Key file and password
sslPEMKeyFile = /etc/ssl/mongodb.pem
sslPEMKeyPassword = PASSWORD
I'm able to access mongo via mongo shell using:
mongo --ssl --sslCAFile /etc/ssl/rootCA.pem --sslPEMKeyFile /etc/ssl/mongodb.pem --host localhost
I want to connect MongoDB using Java driver. I initially tried the following JDBC connection string:
mongodb://USER:PASSWORD#localhost:27017/?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=/etc/ssl/mongodb.pem
but as per documentation, there are no such options available. Also, I get error:
The connection string contains an invalid host 'localhost:27017/?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=/etc/ssl'. The port '27017/?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=/etc/ssl' is not a valid, it must be an integer between 0 and 65535
And when I try with the following connection string:
url=mongodb://USER:PASSWORD#localhost:27017/?ssl=true
I get following error:
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:445) ~[mongo-java-driver-3.5.0.jar:?]
.
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
.
...
Here's the code that I've used:
String url = "mongodb://USER:PASSWORD#localhost/?authSource=admin&ssl=true"
MongoClientURI connectionURI = new MongoClientURI(url)
mongoClient = new MongoClient(connectionURI)
Could someone help me with what JDBC connection string I need to configure to connect successfully. Thank you.

Related

How to connect the Rust MongoDB driver with Invalid Tls Certificates?

I'm unable to connect to the MongoDB with Tls Allow Invalid Certificate option with the Rust driver.
let uri = "MongoDB://user:pwd#host:port/database_name?tls=true&tlsAllowInvalidCertificates=true"
let client_options = ClientOptions::parse(uri)?;
let client = Client::with_options(client_options).expect("");
let db = client.database("database_name");
I can see that the client_options has correctly parsed the uri with:
tls: Some(Enabled(TlsOptions{allow_invalid_certificates: Some(true) ...}))
However I get the following non-recoverable error:
Error: invalid peer certificate contents: invalid peer certificate: UnsupportedCertVersion
Server MongoDB: 4.2.18
Client Mongosh: 1.5.0
Rust Driver: 2.3.0
P.s. I'm able to connect to MongoDB by the mongosh shell with the following command:
mongosh server_dns:server_port/database_name -u username -p --tls --tlsAllowInvalidCertificates
(It's also possible to connect with described options with pymongo)
What solved the issue was to add the feature "openssl-tls" to Cargo.toml
[dependencies.mongodb]
version = "2.3.0"
default-features = false
features = ["openssl-tls"]

Cannot connect to my PostgreSQL server remotely from chainlink node terminal

I have tried everyting to connect my Chainlink node up to my postgresql database with no luck. I have scoured the interwebs for answers to no avail...
Here is the error message I am receiving:
[ERROR] failed to initialize database, got error failed to connect to `host=/tmp user=root database=`: dial error (dial unix /tmp/.s.PGSQL.5432: connect: no such file or directory)
Here is my .env file:
ROOT=/chainlink
LOG_LEVEL=debug
ETH_CHAIN_ID=42
MIN_OUTGOING_CONFIRMATIONS=2
LINK_CONTRACT_ADDRESS=0xa36085F69e2889c224210F603D836748e7dC0088
CHAINLINK_TLS_PORT=0
SECURE_COOKIES=false
GAS_UPDATER_ENABLED=true
ALLOW_ORIGINS=*
ETH_URL=wss://kovan.infura.io/ws/v3/id...
DATABASE_URL=https://chainlink-db-url://postgres:Password#chainlink-kovan:5432
I have tried every configuration of the connection string. Also I am able to connect to the db via pgAdmin no problem and the dbs are publicaly accessible.
The postgresql database is on AWS.
Please change the syntax of your DATABASE_URL to:
DATABASE_URL=postgresql://"username":"password"#"public-ip-pg-server":5432/"database-name"
just change:
"username" : you need to configure a new user, because the default/admin user postgres will not work for it.
"password" : password of the user
"public-ip-pg-server" : the public ip address of your postgresql-server
"database-name" : the name of your database
PS: delete all " in your syntax (;
Here is the link to the official documentation: https://docs.chain.link/docs/connecting-to-a-remote-database/

OpsManager Application can't connect to opsmanager database with SSL/TLS enabled

I have implemented a opsmanager database as replica set..based on below steps
https://www.percona.com/blog/2018/05/31/mongodb-deploy-replica-set-with-transport-encryption-part-3/
Now I have created a instance for opsmanager application,now i want to connect to database.
For this I have mentioned the cert pem file in conf-mms.properties.
When I start the application,during pre-flight check I am getting this error
Failed to refresh database properties
com.mongodb.MongoTimeoutException: Timed out after 30000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=x.x.x.x:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
I have given the .crt and .pem file in /home/ubuntu which i generated and got from database CA..
But the error says unable to find valid certificate path.
I suspect below issues:
1.while giving CN in database instance openssl,i have used ip-x-x-x as hosts
Now in conf.proerties i have mentioned the ips
2.This way I can connect between each database instance
3.In mongodb.ssl.CAFile i have given the .crt file,is this correct?
sudo mongo "mongodb://ip-x-x-x-x:27017" \
--tlsCertificateKeyFile /etc/mongodb/ssl/psmdb1.pem \
--tls \
--tlsCAFile /etc/mongodb/ssl/mongoCA.crt
Kindly support to solve this issue
Issue is solved. In ops manager config file for mongodb.ssl.CAFile parameter I have wrongly used the certificate, Should use the CA authority which I got first.

How Do We Connect Corda To Azure PostgreSQL?

I am trying to connect Corda 4.1 (open source) to Azure PostgreSQL.
With the following in the node.conf:
dataSourceProperties = {
dataSourceClassName = "org.postgresql.ds.PGSimpleDataSource"
dataSource.url = "jdbc:postgresql://my-dev-corda-db.postgres.database.azure.com:5432/banks"
dataSource.user = "me#my-dev-corda-db"
dataSource.password = Password
}
It throws the error:
[ERROR] 2019-08-08T23:44:45,301Z [main] internal.NodeStartupLogging.invoke - Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.: Could not connect to the
database. Please check your JDBC connection URL, or the connectivity to the database. [errorCode=uz1y94, moreInformationAt=https://errors.corda.net/OS/4.1/uz1y94]
net.corda.nodeapi.internal.persistence.CouldNotCreateDataSourceException: Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.
....
....
Suppressed: org.postgresql.util.PSQLException: FATAL: SSL connection is required. Please specify SSL options and retry.
...
So I add ssl=true to the url:
dataSource.url = "jdbc:postgresql://my-dev-corda-db.postgres.database.azure.com:5432/banks?ssl=true"
and it throws the error:
[ERROR] 2019-08-08T23:49:45,409Z [main] internal.NodeStartupLogging.invoke - Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.: Could not connect to the
database. Please check your JDBC connection URL, or the connectivity to the database. [errorCode=17q5mal, moreInformationAt=https://errors.corda.net/OS/4.1/17q5mal]
net.corda.nodeapi.internal.persistence.CouldNotCreateDataSourceException: Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.
...
...
Caused by: com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: Could not open SSL root certificate file /home/corda/.postgresql/root.crt.
...
Caused by: org.postgresql.util.PSQLException: Could not open SSL root certificate file /home/corda/.postgresql/root.crt.
...
I then tried setting the sslmode=require:
dataSource.url = "jdbc:postgresql://my-dev-corda-db.postgres.database.azure.com:5432/banks?ssl=true&sslmode=require"
which then errors with:
[ERROR] 2019-08-08T23:53:38,323Z [main] internal.NodeStartupLogging.invoke - Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.: Could not connect to the
database. Please check your JDBC connection URL, or the connectivity to the database. [errorCode=uz1y94, moreInformationAt=https://errors.corda.net/OS/4.1/uz1y94]
net.corda.nodeapi.internal.persistence.CouldNotCreateDataSourceException: Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.
...
...
Caused by: com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: FATAL: no pg_hba.conf entry for host "57.211.24.3", user "me", database "banks", SSL on
at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:512) ~[HikariCP-2.5.1.jar:?]
...
Caused by: org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "57.211.24.3", user "me", database "banks", SSL on
...
What are the full correct steps to use Azure PostgreSQL with Corda?
When you connect from Internet to Azure PostgreSQL you need to enable your IP in the server's firewall, see: https://learn.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules#connecting-from-the-internet.
You can do it simply from Azure portal - go to Connection Security and Add Client IP (if you don't have a static IP, then you need to repeat it each time).
For JDBC connection settings only ?sslmode=require is needed, so in your node configuration use:
dataSource.url = "jdbc:postgresql://my-dev-corda-db.postgres.database.azure.com:5432/banks?sslmode=require"

How can I write a query to connect mongodb?

I have installed mongodb in different server. I have modified my old code
db: 'mongodb://localhost/dev',
to new code
my username : proUseAdd
password : mongodb#23
ip : 169.213.64.127
I modified like this
db: 'mongodb://proUseAdd:mongodb#23#169.213.64.127:27017/dav',
I am getting this error
Could not connect to MongoDB!
Error: failed to connect to
[23#169.213.64.127:27017]
UPDATE
i have tried changed my password:mongodb23
query strin:
db: 'mongodb://proUseAdd:mongodb23#169.213.64.127:27017/dav',
still i'm getting error
Could not connect to MongoDB!
Error: failed to connect to
[169.213.64.127:27017]
Change your password to something which doesn't contain #.
While parsing your connection string, MongoDB driver looks for the # character to separate your credentials and the host name. Since your password has an # in it, it recognizes your credentials as proUseAdd:mongodb and your host name as 23#169.213.64.127:27017.