I am working on enabling auth on mongodb 3.4 following the instructions from
https://docs.mongodb.com/manual/tutorial/enable-authentication/
When I try to connect the mongo client and authenticate during connection, using
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
I get:
MongoDB shell version v3.4.4
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.4.4
2017-05-12T09:48:13.774-0500 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1459:20
#(auth):6:1
#(auth):1:2
exception: login failed
I also tried authenticating after connecting mongo client,
db.auth("myUserAdmin", "abc123" )
Error: Authentication failed.
I am on CentOS 7. Please help!
Add this in your mongo config file /etc/mongod.conf:
security:
  authorization: enabled
Windows version : 10
Mongodb version : 6.0.2
Tools : mongosh
Hello, I am trying to set up mongodb with TLS and accessing the mongodb instance through mongosh using client certificate.
I followed the steps mentioned here: https://www.mongodb.com/docs/manual/core/security-transport-encryption/ to configure the mongod with TLS.
The configuration is successful and I can successfully start mongodb using below command :
mongod --tlsMode requireTLS --tlsCertificateKeyFile C:\OpenSSL\openssl-0.9.8k_X64\bin\test-server1.pem
my mongod.cfg has the below settings for network:
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
  tls:
    mode: requireTLS
    tlsCertificateKeyFile: C:\OpenSSL\openssl-0.9.8k_X64\bin\test-server1.pem
My issue is when trying to connect through mongosh, I am getting below error:
Connecting to: mongodb://localhost:27017/?directConnection=true&serverSelectionTimeoutMS=2000&tls=true&tlsCertificateKeyFile=C%3A%5COpenSSL%5Copenssl-0.9.8k_X64%5Cbin%5Ctest-client.pem&tlsCAFile=C%3A%5COpenSSL%5Copenssl-0.9.8k_X64%5Cbin%5Ctest-ca.pem&appName=mongosh+1.6.0
MongoServerSelectionError: read ECONNRESET
I used steps on
https://www.mongodb.com/docs/manual/appendix/security/appendixC-openssl-client/#std-label-appendix-client-certificate to generate client certificate above.
Server certificate was generated following these steps :
https://www.mongodb.com/docs/manual/appendix/security/appendixB-openssl-server/#std-label-appendix-server-certificate
The message
MongoServerSelectionError: read ECONNRESET
is not giving any value in understanding the error. I understand it's an openssl error but why I am getting this error is unclear.
Any help will be appreciated.
I had the following error in log.
{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"SSL handshake received but server is started without SSL}
I started mongodb again with the new tls config and now it's ok. Thanks
mongod --tlsMode requireTLS --tlsCertificateKeyFile C:\OpenSSL\openssl-0.9.8k_X64\bin\test-server1.pem
mongosh --tls --host localhost --tlsCertificateKeyFile C:\OpenSSL\openssl-0.9.8k_X64\bin\test-client.pem --tlsCAFile C:\OpenSSL\openssl-0.9.8k_X64\bin\test-ca.pem
We can also store the tls options in the config file
net:
  port: 27017
  bindIp: 127.0.0.1
  tls:
    mode: requireTLS
    # the config-file key is certificateKeyFile; --tlsCertificateKeyFile is the command-line flag
    certificateKeyFile: C:\OpenSSL\openssl-0.9.8k_X64\bin\test-server1.pem
I have recently installed Wekan on a CentOS (CentOS Linux release 7.6.1810) server and it works well. However I need to log in to the MongoDB. I have followed the installation guide of MongoDB and set a password for the 'admin' user. But when the "mongo -u admin -p" command is entered it prompts for a password and I get the following error. However I have another issue not starting "mongod", but it is enabled.
connecting to: test
2020-06-12T01:20:23.618-0400 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: errno:111 Connection refused
2020-06-12T01:20:23.618-0400 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed :
connect#src/mongo/shell/mongo.js:229:14
#(connect):1:6
exception: connect failed
I created this user in mongo which does not seem to work when trying to login to the DB.
$ mongo
db.createUser(
  {
    user: "admin",
    pwd: "abcd1234",
    roles: [ { role: "root", db: "admin" } ]
  }
)
Firstly I installed the latest version of mongodb and then I downgraded to 3.2 which works with wekan. However Wekan still works fine without any issue.
This is the error I get when starting the mongod.
$ systemctl start mongod
Job for mongod.service failed because the control process exited with error code.
See "systemctl status mongod.service" and "journalctl -xe" for details.
$ systemctl enable mongod
mongod.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig mongod on
The port mongod uses is 27019 which I found from the following command.
$ ss -nutlp
tcp LISTEN 0 128 127.0.0.1:27019 *:* users:(("mongod",pid=11578,fd=6))
What am I doing wrong here?
In the output of the mongo shell connection failure:
Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: errno:111 Connection refused
This tells you that it is attempting to connect to port 27017 on localhost, and that the operating system actively refused the connection because nothing is listening on that port.
The ss output shows that mongod is listening on port 27019.
Try adding --port 27019 to your mongo command line.
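The comparison this answer makes by eye can be scripted. The following is an added example, not part of the original posts; the function names are hypothetical, and the sample input is the shell error and `ss -nutlp` line quoted in the question.

```python
import re

# Constructed sample input: the two lines quoted in the question above.
SHELL_LOG = ("2020-06-12T01:20:23.618-0400 W NETWORK [thread1] Failed to connect to "
             "127.0.0.1:27017, in(checking socket for error after poll), "
             "reason: errno:111 Connection refused")
SS_OUTPUT = 'tcp LISTEN 0 128 127.0.0.1:27019 *:* users:(("mongod",pid=11578,fd=6))'

def refused_target(log):
    """Return the (host, port) the mongo shell tried to reach, or None."""
    m = re.search(r"Failed to connect to ([^\s,]+):(\d+),.*Connection refused", log)
    return (m.group(1), int(m.group(2))) if m else None

def mongod_listeners(ss_text):
    """Return [(address, port)] for sockets that `ss -nutlp` attributes to mongod."""
    found = []
    for line in ss_text.splitlines():
        fields = line.split()
        if "LISTEN" not in fields or '"mongod"' not in line:
            continue
        # columns: Netid State Recv-Q Send-Q Local:Port Peer:Port Process
        addr, _, port = fields[fields.index("LISTEN") + 3].rpartition(":")
        found.append((addr, int(port)))
    return found

def diagnose(log, ss_text):
    """Compare the port the client was refused on with the ports mongod listens on."""
    target, listeners = refused_target(log), mongod_listeners(ss_text)
    if target is None:
        return "no refused connection in the shell output"
    ports = sorted({p for _, p in listeners})
    if not ports:
        return "mongod is not listening on any port: check why the service failed to start"
    if target[1] in ports:
        return f"mongod listens on {target[1]}: check bindIp against {target[0]}"
    return f"nothing listens on {target[1]}; mongod is on {ports[0]}: use --port {ports[0]}"

if __name__ == "__main__":
    print(diagnose(SHELL_LOG, SS_OUTPUT))
```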
A little background...my certificate is a LetsEncrypt.org SSL certificate issued with Certbot. I'm running Nginx 1.12.2, and I'm able to properly access my website using https:// so I believe that portion is configured properly. My web server is running Ubuntu 16.04 and MongoDB 3.6.3.
I have tried many configurations and while I can connect to my MongoDB just fine using Compass (the official MongoDB GUI) without the SSL option, attempts to connect with SSL result in a Could not connect to MongoDB on the provided host and port error message. Running mongo -ssl --sslPEMKeyFile /etc/ssl/mongo.pem on my server results in the following error:
MongoDB shell version v3.6.3
connecting to: mongodb://127.0.0.1:27017
2018-06-12T16:51:10.756+0000 E NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate
2018-06-12T16:51:10.757+0000 E QUERY [thread1] Error: socket exception [CONNECT_ERROR] for SSL peer certificate validation failed: unable to get local issuer certificate :
connect#src/mongo/shell/mongo.js:251:13
#(connect):1:6
exception: connect failed
My /var/log/mongodb/mongod.log shows the following which corresponds to the error above:
2018-06-12T16:51:10.755+0000 I NETWORK [listener] connection accepted from 127.0.0.1:47792 #8 (2 connections now open)
2018-06-12T16:51:10.757+0000 I NETWORK [conn8] end connection 127.0.0.1:47792 (1 connection now open)
My /etc/mongod.conf contains the following (I've commented out the CAFile parameter as I've read this is optional for now [source: https://stackoverflow.com/a/33926129/2969615 ]; note that I get mongo.pem: OK when running the openssl verify -CAfile /etc/ca.pem /etc/mongo.pem command, so I believe mongo.pem is properly set up):
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
  ssl:
    mode: allowSSL
    PEMKeyFile: /etc/ssl/mongo.pem
#    CAFile: /etc/ssl/ca.pem
I've created my mongo.pem file by referring to the following: https://serverfault.com/a/878457 ...I have tried the certificate in the instructions as well as both X3 intermediate certificates available at https://letsencrypt.org/certificates/ to no avail.
Any help would be greatly appreciated.
Very late to the party, but just in case it does help someone. I am running mongodb inside docker with the official image from mongo and compass from another docker image.
For the server I use:
docker run -it --name data.domain.com --network docker_network -v /path/to/ssl:/ssl:ro -e MONGO_INITDB_ROOT_USERNAME=admin -e MONGO_INITDB_ROOT_PASSWORD=pass mongo --tlsMode requireTLS --tlsCertificateKeyFile /ssl/fullchain-key.pem --tlsCAFile /etc/ssl/certs/ISRG_Root_X1.pem
fullchain-key.pem is 'cat fullchain.pem privkey.pem > fullchain-key.pem'
docker name or server name must match certificate name
For Compass I use:
The server has its own certificate and compass as well.
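The mongod.conf fragments quoted in the threads above differ in exactly the settings that decide whether a server demands credentials and encryption: `security.authorization`, the `tls`/`ssl` mode, and `bindIp`. The following added example (not code from any of the posts; `parse_conf` and `audit` are hypothetical names) checks a config file for those three settings, using the Let's Encrypt question's config as constructed sample input.

```python
# Constructed sample: the /etc/mongod.conf quoted in the Let's Encrypt question,
# with its indentation restored.
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
  ssl:
    mode: allowSSL
    PEMKeyFile: /etc/ssl/mongo.pem
#    CAFile: /etc/ssl/ca.pem
"""

def parse_conf(text):
    """Flatten the nested 'key: value' subset of YAML used by mongod.conf
    into dotted paths such as 'net.tls.mode'. Not a general YAML parser."""
    flat, stack = {}, []                      # stack: (indent, key) of open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # strip comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave sections we have dedented out of
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip()
        else:
            stack.append((indent, key))
    return flat

def audit(text):
    """Return a list of findings for the auth and transport settings."""
    conf, findings = parse_conf(text), []
    auth_on = conf.get("security.authorization") == "enabled"
    mode = conf.get("net.tls.mode") or conf.get("net.ssl.mode") or "disabled"
    if not auth_on:
        findings.append("security.authorization is not enabled")
    if mode not in ("requireTLS", "requireSSL"):
        findings.append(f"TLS mode {mode} still accepts unencrypted connections")
    if not auth_on and "0.0.0.0" in conf.get("net.bindIp", ""):
        findings.append("bindIp 0.0.0.0 exposes an unauthenticated server on all interfaces")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_CONF):
        print(finding)
```

The `allowSSL` finding matches what the question reports: Compass connects without the SSL option because that mode accepts both encrypted and plain connections.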
I try to connect mongo to mlab but got this error: https://imgur.com/a/mjN2lbe
$ ./bin/mongo.exe mongo ds*****.mlab.com:****/**** -u <username> -p
MongoDB shell version v3.6.4
Enter password:
connecting to: mongodb://127.0.0.1:27017/mongo
MongoDB server version: 3.6.4
2018-04-30T21:59:20.446+0700 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1608:20
#(auth):6:1
#(auth):1:2
exception: login failed
I have already created user on mlab database like this: https://imgur.com/a/mjN2lbe but it still doesn't work. I'm 100% sure that I did not type the wrong username or password
I am using docker-compose to launch an official mongodb database container.
Reading the scripts and some StackOverflow questions looks like MONGO_INITDB_ environment variables can be used to set default credentials.
After running the following docker-compose.yml:
version: '2'
services:
  mongodb:
    image: mongo:3.6
    environment:
      - MONGO_INITDB_ROOT_USERNAME=user
      - MONGO_INITDB_ROOT_PASSWORD=password
      - MONGO_INITDB_DATABASE=collection
    ports:
      - 27017:27017
And trying to connect with mongo cli or mongoose Node.js ODM I get authentication error:
➔ mongo -u user -p password --verbose localhost:27017/collection
MongoDB shell version: 2.6.10
connecting to: localhost:27017/collection
2018-04-10T12:29:46.386+0200 creating new connection to:localhost:27017
2018-04-10T12:29:46.386+0200 [ConnectBG] BackgroundJob starting: ConnectBG
2018-04-10T12:29:46.387+0200 connected to server localhost:27017 (127.0.0.1)
2018-04-10T12:29:46.387+0200 connected connection!
2018-04-10T12:29:46.391+0200 User Assertion: 18:{ ok: 0.0, errmsg: "auth failed", code: 18, codeName: "AuthenticationFailed" }
2018-04-10T12:29:46.392+0200 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18, codeName: "AuthenticationFailed" } at src/mongo/shell/db.js:1287
2018-04-10T12:29:46.392+0200 User Assertion: 12514:login failed
2018-04-10T12:29:46.393+0200 freeing 1 uncollected N5mongo12DBClientBaseE objects
exception: login failed
Connecting to /admin collection as defined in the entrypoint script [1] gave the same result. I am unable to see what I am doing wrong.
EDIT: Derick, from irc.freenode.org #mongodb channel, suggested that it may be not picking the --auth flag. I tried to log in without credentials (mongo --verbose localhost:27017/admin) and it worked. I am still having the issue of establishing default credentials, so the issue is not yet solved.
[1] https://github.com/docker-library/mongo/blob/b96fddd1e1a100c01f0ea6d28e1c7ccc750fd5c0/3.6/docker-entrypoint.sh#L292