Can't connect to mongodb with self-signed certificate, mongodb in docker container - mongodb

I have created a docker container with a mongodb image. I created a self-signed certificate for the secure connections to the database following this guide.
I started trying to make a connection with these certificates, where rootCA.pem is the self-signed certificate of the computer that acts as the certifier (in this case the same machine), and mongodb.pem is the server's .key plus the .crt.
root@8bc7b8cd6a0d:/# mongo --tls --tlsCAFile /data/db/certs/rootCA.pem --tlsCertificateKeyFile /data/db/certs/mongodb.pem --host 172.17.0.2:27017
MongoDB shell version v4.2.6
connecting to: mongodb://172.17.0.2:27017/?compressors=disabled&gssapiServiceName=mongodb
2020-04-29T09:21:21.255+0000 E QUERY [js] Error: couldn't connect to server 172.17.0.2:27017, connection attempt failed: SocketException: stream truncated :
connect@src/mongo/shell/mongo.js:341:17
@(connect):2:6
2020-04-29T09:21:21.259+0000 F - [main] exception: connect failed
2020-04-29T09:21:21.259+0000 E - [main] exiting with code 1
root@8bc7b8cd6a0d:/#
root@8bc7b8cd6a0d:/# mongo --tls --tlsCAFile /data/db/certs/rootCA.pem --tlsCertificateKeyFile /data/db/certs/mongodb.pem
MongoDB shell version v4.2.6
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
2020-05-05T19:39:52.308+0000 E QUERY [js] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed: SocketException: stream truncated :
connect@src/mongo/shell/mongo.js:341:17
@(connect):2:6
2020-05-05T19:39:52.358+0000 F - [main] exception: connect failed
2020-05-05T19:39:52.359+0000 E - [main] exiting with code 1
root@8bc7b8cd6a0d:/#
The certificates are stored in the following directory, which is mounted as a volume in the container to hold the database data.
root@auzal-virtual-machine:/opt/mimongo# ls certs
mongodb.crt mongodb.csr mongodb.key mongodb.pem rootCA.key rootCA.pem rootCA.srl
Finally, the configuration file is structured in the following way. This file is a copy of the original; I mention this in case you notice that the name differs from the usual one:
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
  ssl:
    mode: requireSSL
    PEMKeyFile: /data/db/certs/mongodb.pem
    CAFile: /data/db/certs/rootCA.pem

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

#security:

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:
I don't know why I get that error. Could it be that I am misunderstanding something about the certificates and not pointing to the correct one? What does the error I receive mean?
Reviewing the logs with a statement run inside the database, I get the following error, even though this is enabled in the main configuration file:
Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support.
The authentication you see is from an administrator user, but without a certificate.
> db.adminCommand( { getLog: "global" } )
"2020-05-06T21:46:58.796+0000 I NETWORK [conn3] end connection 127.0.0.1:56360 (0 connections now open)",
"2020-05-06T21:47:02.052+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56362 #4 (1 connection now open)",
"2020-05-06T21:47:02.053+0000 I NETWORK [conn4] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56362 (connection id: 4)",
"2020-05-06T21:47:02.053+0000 I NETWORK [conn4] end connection 127.0.0.1:56362 (0 connections now open)",
"2020-05-06T21:47:08.628+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56364 #5 (1 connection now open)",
"2020-05-06T21:47:08.629+0000 I NETWORK [conn5] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56364 (connection id: 5)",
"2020-05-06T21:47:08.629+0000 I NETWORK [conn5] end connection 127.0.0.1:56364 (0 connections now open)",
"2020-05-06T21:47:11.815+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56366 #6 (1 connection now open)",
"2020-05-06T21:47:11.816+0000 I NETWORK [conn6] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56366 (connection id: 6)",
"2020-05-06T21:47:11.817+0000 I NETWORK [conn6] end connection 127.0.0.1:56366 (0 connections now open)",
"2020-05-06T21:47:21.515+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56368 #7 (1 connection now open)",
"2020-05-06T21:47:21.515+0000 I NETWORK [conn7] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56368 (connection id: 7)",
"2020-05-06T21:47:21.516+0000 I NETWORK [conn7] end connection 127.0.0.1:56368 (0 connections now open)",
"2020-05-06T21:50:17.250+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56374 #8 (1 connection now open)",
"2020-05-06T21:50:17.251+0000 I NETWORK [conn8] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 127.0.0.1:56374 (connection id: 8)",
"2020-05-06T21:50:17.251+0000 I NETWORK [conn8] end connection 127.0.0.1:56374 (0 connections now open)",
"2020-05-06T21:51:48.008+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56396 #9 (1 connection now open)",
"2020-05-06T21:51:48.009+0000 I NETWORK [conn9] received client metadata from 127.0.0.1:56396 conn9: { application: { name: \"MongoDB Shell\" }, driver: { name: \"MongoDB Internal Client\", version: \"4.2.6\" }, os: { type: \"Linux\", name: \"Ubuntu\", architecture: \"x86_64\", version: \"18.04\" } }",
"2020-05-06T21:51:54.405+0000 I NETWORK [conn9] end connection 127.0.0.1:56396 (0 connections now open)",
"2020-05-06T21:52:03.681+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56402 #10 (1 connection now open)",
"2020-05-06T21:52:03.682+0000 I NETWORK [conn10] received client metadata from 127.0.0.1:56402 conn10: { application: { name: \"MongoDB Shell\" }, driver: { name: \"MongoDB Internal Client\", version: \"4.2.6\" }, os: { type: \"Linux\", name: \"Ubuntu\", architecture: \"x86_64\", version: \"18.04\" } }",
"2020-05-06T21:52:03.682+0000 I SHARDING [conn10] Marking collection admin.system.users as collection version: <unsharded>",
"2020-05-06T21:52:03.776+0000 I ACCESS [conn10] SASL SCRAM-SHA-256 authentication failed for admin on admin from client 127.0.0.1:56402 ; AuthenticationFailed: SCRAM authentication failed, storedKey mismatch",
"2020-05-06T21:52:03.786+0000 I NETWORK [conn10] end connection 127.0.0.1:56402 (0 connections now open)",
"2020-05-06T21:52:16.138+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56404 #11 (1 connection now open)",
"2020-05-06T21:52:16.139+0000 I NETWORK [conn11] received client metadata from 127.0.0.1:56404 conn11: { application: { name: \"MongoDB Shell\" }, driver: { name: \"MongoDB Internal Client\", version: \"4.2.6\" }, os: { type: \"Linux\", name: \"Ubuntu\", architecture: \"x86_64\", version: \"18.04\" } }",
"2020-05-06T21:52:16.215+0000 I ACCESS [conn11] Successfully authenticated as principal admin on admin from client 127.0.0.1:56404"
],
"ok" : 1
}

I followed this guide when creating my certificate. I initially used the certificate created from here but it didn't work. Using the server certificate did the trick.
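The shell's "SocketException: stream truncated" and the server's "SSL handshake received but server is started without SSL support" are the two ends of one event: the client sends a TLS ClientHello, a mongod running without TLS cannot read it as a wire-protocol message and closes the connection, so the client sees the stream end mid-handshake. Before changing any certificate it is worth confirming what the port actually speaks, because a "no TLS" verdict means the running process is not using a configuration with TLS enabled, whichever file was edited. The probe below is an added example written for this page, not code from the question, the answer or MongoDB. It uses only the Python standard library; host, port, CA file and client certificate file are parameters you supply, and the plaintext listener it starts is a constructed stand-in for a mongod without TLS so the block can run offline.

```python
import socket
import ssl
import threading


def probe_tls(host, port, ca_file=None, cert_key_file=None, timeout=5.0):
    """Open a TLS handshake to host:port and report what the far end did.

    Returns (verdict, detail) where verdict is one of:
      "ok"             handshake completed; the server speaks TLS and, when
                       ca_file is given, its chain is signed by that CA
      "no_tls"         the server closed the stream or answered in plaintext
                       during the handshake; it is not running with TLS
      "untrusted_cert" the server speaks TLS but its certificate is not
                       signed by the CA in ca_file
      "refused"        nothing is listening on the port
      "timeout"        no answer within the timeout
      "tls_error"      some other TLS-level failure (see detail)
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    # The question connects by IP address, so hostname matching is left out;
    # only the chain-of-trust check against ca_file is performed.
    ctx.check_hostname = False
    if ca_file is None:
        # Without a CA nothing can be verified; the probe then only tells us
        # whether the far end speaks TLS at all.
        ctx.verify_mode = ssl.CERT_NONE
    if cert_key_file:
        # Client certificate and key in one PEM, like --tlsCertificateKeyFile.
        ctx.load_cert_chain(cert_key_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", tls.version()
    except ConnectionRefusedError as e:
        return "refused", str(e)
    except socket.timeout as e:
        return "timeout", str(e)
    except ssl.SSLCertVerificationError as e:
        return "untrusted_cert", str(e)
    except (ssl.SSLEOFError, ConnectionResetError, BrokenPipeError) as e:
        # EOF in the middle of the handshake: the mongo shell reports this
        # as "SocketException: stream truncated".
        return "no_tls", str(e)
    except ssl.SSLError as e:
        detail = str(e)
        if "WRONG_VERSION_NUMBER" in detail or "UNEXPECTED_EOF" in detail:
            # plaintext bytes arrived where a ServerHello was expected
            return "no_tls", detail
        return "tls_error", detail


def start_plaintext_listener():
    """Start a throwaway listener that does not speak TLS; returns its port.

    Constructed for this example: it swallows whatever the client sends (the
    ClientHello) and closes the connection, which is what a mongod started
    without TLS support does after logging "SSL handshake received but server
    is started without SSL support".
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        try:
            conn.recv(65536)
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def free_port():
    """Pick a local port nobody is listening on (constructed for the demo)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Against a real server you would call, for example:
    # probe_tls("172.17.0.2", 27017, "/data/db/certs/rootCA.pem",
    #           "/data/db/certs/mongodb.pem")
    print("plaintext listener:", probe_tls("127.0.0.1", start_plaintext_listener()))
    print("closed port:       ", probe_tls("127.0.0.1", free_port()))
```

Run it from the same place the mongo shell is run (inside the container for 127.0.0.1, or from the host against the container address). A "no_tls" verdict points at the server process, not at the certificates; "untrusted_cert" means the server does speak TLS but the CA given does not sign its certificate; "ok" means the remaining problems, if any, lie in authentication rather than in the transport.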

Related

MongoDB, remote connection failing

I'm trying to connect to mongoDB server running in another AWS Account from my other AWS account to refresh the content.
I'm getting an error.
I NETWORK [thread1] Socket recv() errno:104 Connection reset by peer mongo_db_server:27017
I NETWORK [thread1] SocketException: remote: (NONE):0 error: 9001 socket exception [RECV_ERROR] server [mongodb_db_server:27017]
2021-01-14T23:26:26.015-0500 E QUERY [thread1] Error: network error while attempting to run command 'isMaster' on host 'mongodb_db_server:27017' :
connect@src/mongo/shell/mongo.js:231:14
@(connect):1:6
Remote MongoDB server config has
net:
port: 27017
bindIp: 0.0.0.0
Security groups allow connections to 27017 from 0.0.0.0/0 for testing purposes.
What am I missing?
It was due to network connectivity.

Connect to Mongo db with URI not work with parameter tlsAllowInvalidCertificates

I try to connect to mongo with the following URI:
mongo 'mongodb://mongoadmin:mxmxmxmxm@server:27017/?tls=true&tlsInvalidHostNameAllowed=true&tlsAllowInvalidCertificates=true&authMechanism=SCRAM-SHA-1'
but the server still validates the certificate:
2020-07-30T09:06:59.250-0400 E NETWORK [js] SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_NOT_TRUSTED; connection rejected
2020-07-30T09:06:59.250-0400 E QUERY [js] Error: couldn't connect to server bcicrtlmongodb001:27017, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_NOT_TRUSTED; connection rejected :
connect@src/mongo/shell/mongo.js:341:17
in the server config file:
# network interfaces
net:
  bindIpAll: true
  port: 27017
  #bindIp: 127.0.0.1  # Listen to local interface only, comment to listen on all interfaces.
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/server.pem
    CAFile: /etc/ssl/certs/ca.f5.bci.cl.cer
    disabledProtocols: TLS1_0,TLS1_1
    allowConnectionsWithoutCertificates: true

security:
  authorization: enabled
  javascriptEnabled: false

setParameter:
  enableLocalhostAuthBypass: false
Server and client validate each other's certificates independently.
tlsAllowInvalidCertificates is the client-side option for the client to not validate the server's certificate. It has no effect on whether the server validates the client's certificate, which is configured in server settings.

In aws ec2, mongodb is not able to start

I recently changed Instance type in AWS EC2 and since then mongoDB is not working.
MongoDB shell version v3.4.14
connecting to: mongodb://127.0.0.1:27017
2019-01-16T10:46:38.525+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: Connection refused
2019-01-16T10:46:38.525+0000 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:240:13
@(connect):1:6
exception: connect failed
mongod.log:
2019-01-16T09:21:17.579+0000 I - [conn21] end connection 127.0.0.1:35148 (20 connections now open)
2019-01-16T09:21:17.579+0000 I - [conn22] end connection 13.127.210.134:42626 (19 connections now open)
2019-01-16T09:21:17.579+0000 I - [conn20] end connection 127.0.0.1:35146 (18 connections now open)
2019-01-16T09:21:17.579+0000 I - [conn19] end connection 13.127.210.134:42620 (17 connections now open)
2019-01-16T09:21:17.654+0000 I - [conn18] AssertionException handling request, closing client connection: 6 socket exception [SEND_ERROR] for 127.0.0.1:35140
2019-01-16T09:21:17.655+0000 I - [conn18] end connection 127.0.0.1:35140 (16 connections now open)
2019-01-16T09:21:19.408+0000 I ASIO [NetworkInterfaceASIO-Replication-0] Connecting to mdb2.thethingscloud.com:27017
2019-01-16T09:21:19.409+0000 I ASIO [NetworkInterfaceASIO-Replication-0] Failed to connect to mdb2.thethingscloud.com:27017 - HostUnreachable: Connection refused
2019-01-16T09:21:19.409+0000 I ASIO [NetworkInterfaceASIO-Replication-0] Dropping all pooled connections to mdb2.thethingscloud.com:27017 due to failed operation on a connection
2019-01-16T09:21:19.409+0000 I REPL [ReplicationExecutor] Error in heartbeat re

Can't connect to MongoDb externally

Some information:
The port is indeed open (I can bind it to apache2, for example, and access it externally).
I've tried setting the bind_ip parameter to 0.0.0.0, to my local IP, etc.
I can access it through my local IP (192.167.10.xxx).
I didn't install mongo with apt-get, just downloaded it and ran mongod.
I've spent a lot of time searching and trying different things; does anyone have an idea of what could be causing it?
Mongo running
edit:
Mongo options: [initandlisten] options: { config: "config.conf", net: { bindIp: "0.0.0.0", port: 8008 }, security: { authorization: "enabled" }, storage: { dbPath: "/home/defense/mongo/data" } }
When I try to connect:
[thread1] Failed to connect to 146.164.x.xxx:8008, in(checking socket for error after poll), reason: Connection refused
Port check(also I used to connect to MySql using that same port):
Port 8008 is open on 146.164.x.xxx.
Any ideas?

MongoDB IntelliJ plugin failed with auth

I'm trying to connect to my mongo instance, which I ran as mongod --auth after configuring
use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
The configuration on Mongo-IntelliJ plugin looks like this:
The result is that the connection is refused.
Here is (some of) the output of mongod:
2016-10-26T08:40:09.218+0300 I NETWORK [conn45] end connection 127.0.0.1:59014 (0 connections now open)
2016-10-26T08:40:09.718+0300 I NETWORK [initandlisten] connection accepted from 127.0.0.1:59015 #46 (1 connection now open)
2016-10-26T08:40:09.721+0300 I NETWORK [conn46] end connection 127.0.0.1:59015 (0 connections now open)
2016-10-26T08:40:10.221+0300 I NETWORK [initandlisten] connection accepted from 127.0.0.1:59016 #47 (1 connection now open)
2016-10-26T08:40:10.224+0300 I NETWORK [conn47] end connection 127.0.0.1:59016 (0 connections now open)
2016-10-26T08:40:10.725+0300 I NETWORK [initandlisten] connection accepted from 127.0.0.1:59017 #48 (1 connection now open)
2016-10-26T08:40:10.728+0300 I NETWORK [conn48] end connection 127.0.0.1:59017 (0 connections now open)
I tried various combinations with the auth mechanism, but with the same results.
Is there something wrong in my configuration or in the plugin?