I have implemented a opsmanager database as replica set..based on below steps
https://www.percona.com/blog/2018/05/31/mongodb-deploy-replica-set-with-transport-encryption-part-3/
Now I have created a instance for opsmanager application,now i want to connect to database.
For this I have mentioned the cert pem file in conf-mms.properties.
When I start the application,during pre-flight check I am getting this error
Failed to refresh database properties
com.mongodb.MongoTimeoutException: Timed out after 30000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=x.x.x.x:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
I have given the .crt and .pem file in /home/ubuntu which i generated and got from database CA..
But the error says unable to find valid certificate path.
I suspect below issues:
1.while giving CN in database instance openssl,i have used ip-x-x-x as hosts
Now in conf.proerties i have mentioned the ips
2.This way I can connect between each database instance
3.In mongodb.ssl.CAFile i have given the .crt file,is this correct?
sudo mongo "mongodb://ip-x-x-x-x:27017" \
--tlsCertificateKeyFile /etc/mongodb/ssl/psmdb1.pem \
--tls \
--tlsCAFile /etc/mongodb/ssl/mongoCA.crt
Kindly support to solve this issue
Issue is solved. In ops manager config file for mongodb.ssl.CAFile parameter I have wrongly used the certificate, Should use the CA authority which I got first.
Related
I'm working on JDK8 and using mongo-java-driver(v3.5.0) to connect MongoDB(v3.6.3).
I've enabled SSL by following this article. I don't have /etc/mongod.conf file, instead I've /etc/mongodb.conf file; so I've updated the SSL settings in that file:
# SSL options
# Enable SSL on normal ports
sslOnNormalPorts = true
# SSL Key file and password
sslPEMKeyFile = /etc/ssl/mongodb.pem
sslPEMKeyPassword = PASSWORD
I'm able to access mongo via mongo shell using:
mongo --ssl --sslCAFile /etc/ssl/rootCA.pem --sslPEMKeyFile /etc/ssl/mongodb.pem --host localhost
I want to connect MongoDB using Java driver. I initially tried the following JDBC connection string:
mongodb://USER:PASSWORD#localhost:27017/?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=/etc/ssl/mongodb.pem
but as per documentation, there are no such options available. Also, I get error:
The connection string contains an invalid host 'localhost:27017/?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=/etc/ssl'. The port '27017/?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=/etc/ssl' is not a valid, it must be an integer between 0 and 65535
And when I try with the following connection string:
url=mongodb://USER:PASSWORD#localhost:27017/?ssl=true
I get following error:
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:445) ~[mongo-java-driver-3.5.0.jar:?]
.
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
.
...
Here's the code that I've used:
String url = "mongodb://USER:PASSWORD#localhost/?authSource=admin&ssl=true"
MongoClientURI connectionURI = new MongoClientURI(url)
mongoClient = new MongoClient(connectionURI)
Could someone help me with what JDBC connection string I need to configure to connect successfully. Thank you.
Not sure if I'm missing anything.
I'm trying to create a local connection in order to create a new user in Oracle SQL developer 12c. (AVOIDING CDB connection)
After browsing for an hour, came across 2 methods.
Using connection type as "Local/Bequeath"
Throws following error (Status : Failure -Test failed: ORA-01017: invalid username/password; logon denied)
Using connection type as "Basic", Hostname as "localhost", Port as "1521", and Service name as "XEPDB1"
Throws following error (Status : Failure -Test failed: Listener refused the connection with the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor)
Thanks.
Issue while connecting to Postgres/Greenplum.
org.postgresql.util.PSQLException: An error occurred while setting up the GSS Encoded connection.
I am using same connection file and was working fine till postgres 11/Greenplum v5.0
PostgreSQL 12 and later now allow GSSAPI encrypted connections. This parameter controls whether to enforce using GSSAPI encryption or not.
If encryption is not configured, should be disabled by setting JDBC connection parameter
gssEncMode=disable
Ref: https://www.ibm.com/support/pages/node/6323207
I am trying to connect Corda 4.1 (open source) to Azure PostgreSQL.
With the following in the node.conf:
dataSourceProperties = {
dataSourceClassName = "org.postgresql.ds.PGSimpleDataSource"
dataSource.url = "jdbc:postgresql://my-dev-corda-db.postgres.database.azure.com:5432/banks"
dataSource.user = "me#my-dev-corda-db"
dataSource.password = Password
}
It throws the error:
[ERROR] 2019-08-08T23:44:45,301Z [main] internal.NodeStartupLogging.invoke - Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.: Could not connect to the
database. Please check your JDBC connection URL, or the connectivity to the database. [errorCode=uz1y94, moreInformationAt=https://errors.corda.net/OS/4.1/uz1y94]
net.corda.nodeapi.internal.persistence.CouldNotCreateDataSourceException: Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.
....
....
Suppressed: org.postgresql.util.PSQLException: FATAL: SSL connection is required. Please specify SSL options and retry.
...
So I add ssl=true to the url:
dataSource.url = "jdbc:postgresql://my-dev-corda-db.postgres.database.azure.com:5432/banks?ssl=true"
and it throws the error:
[ERROR] 2019-08-08T23:49:45,409Z [main] internal.NodeStartupLogging.invoke - Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.: Could not connect to the
database. Please check your JDBC connection URL, or the connectivity to the database. [errorCode=17q5mal, moreInformationAt=https://errors.corda.net/OS/4.1/17q5mal]
net.corda.nodeapi.internal.persistence.CouldNotCreateDataSourceException: Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.
...
...
Caused by: com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: Could not open SSL root certificate file /home/corda/.postgresql/root.crt.
...
Caused by: org.postgresql.util.PSQLException: Could not open SSL root certificate file /home/corda/.postgresql/root.crt.
...
I then tried setting the sslmode=require:
dataSource.url = "jdbc:postgresql://my-dev-corda-db.postgres.database.azure.com:5432/banks?ssl=true&sslmode=require"
which then errors with:
[ERROR] 2019-08-08T23:53:38,323Z [main] internal.NodeStartupLogging.invoke - Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.: Could not connect to the
database. Please check your JDBC connection URL, or the connectivity to the database. [errorCode=uz1y94, moreInformationAt=https://errors.corda.net/OS/4.1/uz1y94]
net.corda.nodeapi.internal.persistence.CouldNotCreateDataSourceException: Could not connect to the database. Please check your JDBC connection URL, or the connectivity to the database.
...
...
Caused by: com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: FATAL: no pg_hba.conf entry for host "57.211.24.3", user "me", database "banks", SSL on
at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:512) ~[HikariCP-2.5.1.jar:?]
...
Caused by: org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "57.211.24.3", user "me", database "banks", SSL on
...
What are the full correct steps to use Azure PostgreSQL with Corda?
When you connect from Internet to Azure PostgreSQL you need to enable your IP in the server's firewall, see: https://learn.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules#connecting-from-the-internet.
You can do it simply from Azure portal - go to Connection Security and Add Client IP (if you don't have a static IP, then you need to repeat it each time).
For JDBC connection settings only ?sslmode=require is needed, so in your node configuration use:
dataSource.url = "jdbc:postgresql://my-dev-corda-db.postgres.database.azure.com:5432/banks?sslmode=require"
After following the instructions from the following official reference "Use the Azure Cosmos DB Emulator for local development and testing", we attempted to connect to MongoDb using MongoChef using the connection string pasted below:
mongodb://localhost:C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==#localhost:10255/admin?ssl=true
But when we test the connection through MongoChef we get the error pasted below:
Connection failed.
SERVER [localhost:10255] (Type: UNKNOWN)
|_/ Connection error (MongoSocketOpenException): Exception opening socket
|____/ Socket error: Connection refused: connect
Details:
Timed out after 30000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=localhost:27018, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketOpenException: Exception opening socket}, caused by {java.net.ConnectException: Connection refused: connect}}]
If we check the ports currently in use on our system, we do not see 10255 being used at all.
Could someone please help us understand what's wrong here.
The connection string is correct. Studio 3T has a very nasty bug - when you use From URI function while creating new connection it cuts the "+" characters that are present in the key, that's why you need to copy the key manually to the corresponding field in connection properties.
Also, make sure the Emulator is actually launched (tray area icon should be present).