I have a Hyperledger Fabric (1.3) network which had expired certificates.
I was not able to execute peer chaincode commands.
I have generated certificates using the same CA server and replaced them. Now I am able to run query commands but am still getting the following error on the peer for invoke:
2022-11-23 15:07:01.440 UTC [grpc] createTransport -> DEBU 0be grpc:
addrConn.createTransport failed to connect to {orderer1:7050 0 <nil>}. Err :connection error:
desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...
Kindly help. Any suggestion will be appreciated.
I am trying to deploy MongoDB BI-Connector (mongosqld) as a service to connect Power-BI to a MongoDB hosted in OVH cloud service. But when trying to launch the service and request a connection, this error appeared:
[initandlisten] connection accepted from ..., but could not initialize: unable to connect to MongoDB: no servers available: server selection error: context deadline exceeded, current topology: { Type: Unknown, Servers: [{ Addr: node1-...database.cloud.ovh.net:..., Type: Unknown, Average RTT: 0, Last error: connection() error occured during connection handshake: SSL errors: 14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed }, ] }
pymongo.errors.ServerSelectionTimeoutError: mflix-shard-00-00.fmraf.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129),mflix-shard-00-02.fmraf.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129),mflix-shard-00-01.fmraf.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129), Timeout: 30s, Topology Description: <TopologyDescription id: 60b1c9b0c4a5874ea362693e, topology_type: ReplicaSetNoPrimary, servers: [<ServerDescription ('mflix-shard-00-00.fmraf.mongodb.net', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('mflix-shard-00-00.fmraf.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')>, <ServerDescription ('mflix-shard-00-01.fmraf.mongodb.net', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('mflix-shard-00-01.fmraf.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')>, <ServerDescription ('mflix-shard-00-02.fmraf.mongodb.net', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('mflix-shard-00-02.fmraf.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')>]>
This is the error it is producing.
I am using FastAPI, Motor, and uvicorn to run the server. The database I use is a free cluster provided in Mongo Atlas. It was working fine the last time I updated the server, that is, 2 days ago, but from yesterday onwards the error is produced. I've tried to update the above-mentioned packages as of now.
I am new to MongoDB.
I have found a fix that works but I don't know if it's the best way.
client = motor.motor_asyncio.AsyncIOMotorClient(MONGO_DETAILS)
The above line is how I connected to my cluster. I changed the line to:
client = motor.motor_asyncio.AsyncIOMotorClient(MONGO_DETAILS, tls=True, tlsAllowInvalidCertificates=True)
It works as it did earlier; there is no issue.
Anyway I would like to know why this error occurs!
I try to connect to mongo with the following URI:
mongo 'mongodb://mongoadmin:mxmxmxmxm@server:27017/?tls=true&tlsInvalidHostNameAllowed=true&tlsAllowInvalidCertificates=true&authMechanism=SCRAM-SHA-1'
but the server validates the certificate anyway:
2020-07-30T09:06:59.250-0400 E NETWORK [js] SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_NOT_TRUSTED; connection rejected
2020-07-30T09:06:59.250-0400 E QUERY [js] Error: couldn't connect to server bcicrtlmongodb001:27017, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_NOT_TRUSTED; connection rejected :
connect@src/mongo/shell/mongo.js:341:17
In the server config file:
# network interfaces
net:
  bindIpAll: true
  port: 27017
  # bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces.
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/server.pem
    CAFile: /etc/ssl/certs/ca.f5.bci.cl.cer
    disabledProtocols: TLS1_0,TLS1_1
    allowConnectionsWithoutCertificates: true
security:
  authorization: enabled
  javascriptEnabled: false
setParameter:
  enableLocalhostAuthBypass: false
Server and client validate each other's certificates independently.
tlsAllowInvalidCertificates is the client-side option for the client to not validate the server's certificate. It has no effect on whether the server validates the client's certificate, which is configured in server settings.
I have created a docker container with a mongodb image. I created a self-signed certificate for the secure connections to the database following this guide.
I started trying to make a connection with these certificates where rootCA.pem is the self-signed certificate of the computer that will become the certifier, in this case the same. And mongodb.pem is the .key of the server + the .crt.
root@8bc7b8cd6a0d:/# mongo --tls --tlsCAFile /data/db/certs/rootCA.pem --tlsCertificateKeyFile /data/db/certs/mongodb.pem --host 172.17.0.2:27017
MongoDB shell version v4.2.6
connecting to: mongodb://172.17.0.2:27017/?compressors=disabled&gssapiServiceName=mongodb
2020-04-29T09:21:21.255+0000 E QUERY [js] Error: couldn't connect to server 172.17.0.2:27017, connection attempt failed: SocketException: stream truncated :
connect@src/mongo/shell/mongo.js:341:17
@(connect):2:6
2020-04-29T09:21:21.259+0000 F - [main] exception: connect failed
2020-04-29T09:21:21.259+0000 E - [main] exiting with code 1
root@8bc7b8cd6a0d:/#
root@8bc7b8cd6a0d:/# mongo --tls --tlsCAFile /data/db/certs/rootCA.pem --tlsCertificateKeyFile /data/db/certs/mongodb.pem
MongoDB shell version v4.2.6
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
2020-05-05T19:39:52.308+0000 E QUERY [js] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed: SocketException: stream truncated :
connect@src/mongo/shell/mongo.js:341:17
@(connect):2:6
2020-05-05T19:39:52.358+0000 F - [main] exception: connect failed
2020-05-05T19:39:52.359+0000 E - [main] exiting with code 1
root@8bc7b8cd6a0d:/#
The certificates are stored in the following directory, which is in a volume to the container to store the data from the database.
root@auzal-virtual-machine:/opt/mimongo# ls certs
mongodb.crt mongodb.csr mongodb.key mongodb.pem rootCA.key rootCA.pem rootCA.srl
Finally, the configuration file is structured in the following way. This file is a copy of the original; I say this in case you see that the name is different from normal:
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
  ssl:
    mode: requireSSL
    PEMKeyFile: /data/db/certs/mongodb.pem
    CAFile: /data/db/certs/rootCA.pem

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

#security:

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:
I don't know why I get that error, could it be that I am interpreting something wrong with the certificates and not indicating the correct one? What is the error I receive?
Reviewing the logs with a statement within the database, I get the following error; however, this is enabled in the main configuration file:
Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support.
The authentication you see is from an administrator user but without a certificate.
"2020-05-06T21:46:58.796+0000 I NETWORK [conn3] end connection 127.0.0.1:56360 (0 connections now open)",
"2020-05-06T21:47:02.052+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56362 #4 (1 connection now open)",
"2020-05-06T21:47:02.053+0000 I NETWORK [conn4] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56362 (connection id: 4)",
"2020-05-06T21:47:02.053+0000 I NETWORK [conn4] end connection 127.0.0.1:56362 (0 connections now open)",
"2020-05-06T21:47:08.628+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56364 #5 (1 connection now open)",
"2020-05-06T21:47:08.629+0000 I NETWORK [conn5] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56364 (connection id: 5)",
"2020-05-06T21:47:08.629+0000 I NETWORK [conn5] end connection 127.0.0.1:56364 (0 connections now open)",
"2020-05-06T21:47:11.815+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56366 #6 (1 connection now open)",
"2020-05-06T21:47:11.816+0000 I NETWORK [conn6] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56366 (connection id: 6)",
"2020-05-06T21:47:11.817+0000 I NETWORK [conn6] end connection 127.0.0.1:56366 (0 connections now open)",
"2020-05-06T21:47:21.515+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56368 #7 (1 connection now open)",
"2020-05-06T21:47:21.515+0000 I NETWORK [conn7] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56368 (connection id: 7)",
"2020-05-06T21:47:21.516+0000 I NETWORK [conn7] end connection 127.0.0.1:56368 (0 connections now open)",
"2020-05-06T21:50:17.250+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56374 #8 (1 connection now open)",
"2020-05-06T21:50:17.251+0000 I NETWORK [conn8] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56374 (connection id: 8)",
"2020-05-06T21:50:17.251+0000 I NETWORK [conn8] end connection 127.0.0.1:56374 (0 connections now open)",
"2020-05-06T21:51:48.008+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56396 #9 (1 connection now open)",
"2020-05-06T21:51:48.009+0000 I NETWORK [conn9] received client metadata from 127.0.0.1:56396 conn9: { application: { name: \"MongoDB Shell\" }, driver: { name: \"MongoDB Internal Client\", version: \"4.2.6\" }, os: { type: \"Linux\", name: \"Ubuntu\", architecture: \"x86_64\", version: \"18.04\" } }",
"2020-05-06T21:51:54.405+0000 I NETWORK [conn9] end connection 127.0.0.1:56396 (0 connections now open)",
"2020-05-06T21:52:03.681+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56402 #10 (1 connection now open)",
"2020-05-06T21:52:03.682+0000 I NETWORK [conn10] received client metadata from 127.0.0.1:56402 conn10: { application: { name: \"MongoDB Shell\" }, driver: { name: \"MongoDB Internal Client\", version: \"4.2.6\" }, os: { type: \"Linux\", name: \"Ubuntu\", architecture: \"x86_64\", version: \"18.04\" } }",
"2020-05-06T21:52:03.682+0000 I SHARDING [conn10] Marking collection admin.system.users as collection version: <unsharded>",
"2020-05-06T21:52:03.776+0000 I ACCESS [conn10] SASL SCRAM-SHA-256 authentication failed for admin on admin from client 127.0.0.1:56402 ; AuthenticationFailed: SCRAM authentication failed, storedKey mismatch",
"2020-05-06T21:52:03.786+0000 I NETWORK [conn10] end connection 127.0.0.1:56402 (0 connections now open)",
"2020-05-06T21:52:16.138+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56404 #11 (1 connection now open)",
"2020-05-06T21:52:16.139+0000 I NETWORK [conn11] received client metadata from 127.0.0.1:56404 conn11: { application: { name: \"MongoDB Shell\" }, driver: { name: \"MongoDB Internal Client\", version: \"4.2.6\" }, os: { type: \"Linux\", name: \"Ubuntu\", architecture: \"x86_64\", version: \"18.04\" } }",
"2020-05-06T21:52:16.215+0000 I ACCESS [conn11] Successfully authenticated as principal admin on admin from client 127.0.0.1:56404"
],
"ok" : 1
}
> db.adminCommand( { getLog: "global" } )
I followed this guide when creating my certificate. I initially used the certificate created from here but it didn't work. Using the server certificate did the trick.
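A local check for the certificate layout this post describes (rootCA.pem as the CA, mongodb.pem as server key plus certificate), added here as an example and not taken from the post or the guide it follows: it uses the openssl CLI to confirm that the certificate chains to the CA file and that the key and certificate in the PEM belong together. The CN values and the temporary directory are constructed; checking against an unrelated CA reproduces the "unable to get local issuer certificate" reason quoted earlier on the page.

```shell
#!/bin/sh
# Added example: CA names, CN values and the temp directory are constructed.

# make_ca DIR NAME: self-signed CA in DIR/NAME.key and DIR/NAME.pem
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server_pem DIR CA HOST: certificate for HOST signed by CA, then
# key + certificate concatenated into DIR/HOST.pem (the PEMKeyFile layout).
make_server_pem() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null &&
  cat "$1/$3.key" "$1/$3.crt" > "$1/$3.pem"
}

# chain_status CAFILE PEM: prints "ok", or openssl's reason for rejecting
# the certificate in PEM when it must chain to CAFILE.
chain_status() (
  if out=$(openssl x509 -in "$2" | openssl verify -CAfile "$1" 2>&1); then
    echo ok
  else
    printf '%s\n' "$out" | sed -n 's/^error [0-9]* at .*lookup: *//p' | head -n 1
  fi
)

# key_matches_cert PEM: true when the private key and the certificate in
# the same PEM file carry the same public key.
key_matches_cert() (
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
)

demo() (
  d=$(mktemp -d) || exit 1
  make_ca "$d" rootCA && make_ca "$d" otherCA &&
    make_server_pem "$d" rootCA mongodb || exit 1
  echo "checked against rootCA:  $(chain_status "$d/rootCA.pem" "$d/mongodb.pem")"
  echo "checked against otherCA: $(chain_status "$d/otherCA.pem" "$d/mongodb.pem")"
  key_matches_cert "$d/mongodb.pem" && echo "key matches certificate"
  rm -rf "$d"
)
demo
```

Run against real files, `chain_status` takes the path given as CAFile and the path given as PEMKeyFile; a result other than `ok` means the trust file, not the client option, is what needs fixing.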