I'm using MongoDB v3.0.0 with the following configuration file:
storage:
dbPath: "/home/vagrant/backend/mongodata"
engine: wiredTiger
systemLog:
destination: file
path: "/home/vagrant/backend/log/mongo.log"
logAppend: true
net:
port: 27017
# Enable the HTTP interface (Defaults to port 28017).
http:
enabled: false
ssl:
mode: requireSSL
PEMKeyFile: /home/vagrant/backend/keys/privKeys.pem
security:
authorization: 'enabled'
But when I start it up, I get the following error:
Unrecognized option: net.ssl.PEMKeyFile
try '/home/vagrant/backend/mongo/bin/mongod --help' for more information
It looks like I have it set up pretty much exactly like they recommend in the docs: https://docs.mongodb.com/manual/tutorial/configure-ssl/ . The docs say this is new in mongo 3.0, so it should support this option. It does say certain distributions still don't support it (bizarrely), so I should include that I installed mongo via this: https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.0.0.tgz . The closest info I could find is the MongoDB Download Center saying version 3.0.14 for linux "has been compiled with SSL enabled and dynamically linked. This requires that SSL libraries be installed seperately. See here for more information on installing OpenSSL."
Any idea what might be going wrong here?
For me its looks like spacing issue in configuration you may need to check the spacing only two spaces are allowed with list members ssl become underneath of net so when declaring ssl ensure the spaces
here are my working configurations.
net:
port: 28017
bindIp: 127.0.0.1
ssl:
mode: requireSSL
PEMKeyFile: /etc/ssl/mongodb/mongodb-server.pem
CAFile: /etc/ssl/mongodb/mongodb-client.pem
PEMKeyPassword: abc123+
Since MongoDB v3.0.x most MongoDB distributions include support for SSL, but not all. As you have figured out, most likely the distribution that you have does not support SSL.
If you're starting a new MongoDB deployment, I would recommend to install the latest stable release, currently at MongoDB v3.4.x which have more (if not all) distributions supporting SSL. See Release Notes for MongoDB 3.4
Worked for me Mongo version 4.2.8 :
Ignore the message and check the Mongo logs, I found that the path configured for the PEM file was incorrect and should be the fully qualified path. Even after configuring it right, there was this SSL warning that was still present but worked.
ssl:
mode: requireSSL
PEMKeyFile: /data/users/mongodb/mongodb.pem
PEMKeyPassword: YOUR_PASS
Related
I'm using a third-party tool that's using Mongo as its datastore. Mongo has been configured on a Windows VM, with the following config for TLS:
net:
port: 27017
bindIp: 127.0.0.1,0.0.0.0
tls:
mode: requireTLS
certificateSelector: subject=*server_name*
allowConnectionsWithoutCertificates: true
If I'm using either mongo shell or Compass and just specify tls=true, it fails to connect - but if I add the tlsAllowInvalidCertificates flag then it'll connect.
I found the tlsCAFile flag, so I exported the root CA cert and added it to my connection:
mongosh --tlsCAFile testca.cer mongodb://themongoserver:27017/mongodatabasenamehere?tls=true
That works fine.
Same goes for Compass if I specify the CA file via the UI.
My question is - is there any way to specify the CA file from the store - much like you would run the mongo daemon with the above configuration? Seems a bit daft that I've got to export it for the client, yet the server can read it from a store.
I suspect the answer will be a no but worth asking - as I'm sure I'll also get asked by my peers.
Thanks in advance,
Tony
We installed MongoDB on windows(development) version 3.4, and enabled authentication, after running the command mongod --auth, the authentication was successfully implemented.
Now on the production server that is Ubuntu 16, with MongoDb version 4.0, we made changes to the mongod.conf file as seen below and then restated the mongod service with command sudo service mongod start, but now we are not able to connect to our MongoDB Ubuntu server.
security:
authorization: "enabled"
Where did we go wrong in implementing authentication for MongoDB on Ubuntu server.
security:
authorization: "enabled"
2 possible issues here : reading the doc, i'm not sure you need to quote the enabled word.
Moreover, yaml format need to increment sub part of conf, so your conf file have to look like :
security:
authorization: enabled
But cannot really test, since i don't have any running local instance
I am trying to get MongoDB authentication working on my AWS Linux server. I have run authentication using MongoDB running on windows with no issues,
>mongod --auth
On my AWS server I am trying to run MongoDB using the service command,
$ sudo service mongod start
However, mogod does not start. I believe the problem is with my /etc/mongod.conf file. Here is the /etc/mongod.conf with authentication enabled,
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
dbPath: /var/lib/mongo
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# how the process runs
processManagement:
fork: true # fork and run in background
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile
# network interfaces
net:
port: 27017
# bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces.
security:
authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
The problem is with the security tag.
security:
authorization: enabled
If I include it, MongoDB will not start. If I take it out, MongoDB starts fine but has no security. What I am doing wrong?
Ok, my bad...The file is of type YAML. I originally entered,
security:
authorization: enabled
Because it's YAML, I needed a couple of spaces. The correct entry is,
security:
authorization: enabled
Works fine now.
By the way, If you are using MongoDB and have a public IP/port exposed I would highly recommend that you enable security. I got an email last week from AWS saying that if you are using MongoDB that has a port that is publicly available you should implement security. I am still in development so I ignored the AWS recommendation. Well, 3 days later, someone accessed my databases, copied them, deleted them, and left me a ransomware note in a new database. They wanted one bitcoin for the return of my existing databases. I did not pay the ransom. Fortunately, this was not a problem for me. All of the data was limited test data. To avoid potential malware bombs, I deleted the AWS instance, created a new instance and installed a fresh MongoDB release with authorization enabled.
This episode could have been a disaster with real customer data. If you are using MongoDB with public access make sure you enable authorization.
I'm running a 3 server MongoDB replica set. I recently upgraded from 2.4 to 2.6.
On 2.4 I was able to reach the HTTP Console on all three servers, regardless of whether they were Primary or Secondary. Now with 2.6 there is a different config setting needed to enable the console.
# Disable the HTTP interface (Defaults to localhost:28017).
#nohttpinterface = true
nohttpinterface = false
If I create a completely fresh, standalone instance with 2.6, it works. However on the replica set, it does not. MongoDB is running on 27017 and I have confirmed nothing is running on 28017, so that rules out firewall issues.
Are there additional changes required to enable this feature on a replica set?
Adding
httpinterface=true
in /etc/mongod.conf enables it on http://127.0.0.1:28017
I had to add
rest=true
to enable REST interface so that commands in http console are working.
For mongodb v3.0.2 the mongod.conf is a yaml file,
you should add these two lines after net:
http.enabled: true
http.RESTInterfaceEnabled: true
my mongod.conf is
net:
bindIp: 127.0.0.1
http.enabled: true
http.RESTInterfaceEnabled: true
https://docs.mongodb.com/ecosystem/tools/http-interfaces/
HTTP Status Interface
Deprecated since version 3.2: Starting in 3.2, MongoDB deprecates the HTTP interface.
I am running Mongo DB version 2.6 on Windows Server 2012. I am having trouble setting up the YAML config file for for security and authorization. When I have the below config file I only receive an error saying "Unrecognized option: security". What is wrong with my config?
mongod_test.conf:
security:
authorization: enabled
authenticationMechanisms: MONGODB-CR
storage:
dbPath: F:\MongoData
Command line:
mongod.exe --config mongod_test.conf
I've added spaces back to my file and that fixes part of the problem. With the updated config from above the current error I am getting is:
c:\MongoDBFolder\bin>mongod.exe --config mongod_test.conf
Unrecognized option: security.authenticationMechanisms
try 'mongod.exe --help' for more information
Can't speak for your exact config, but Yaml requires colon+space to separate the keys and values, otherwise you'll get parse errors;
security:
authorization: enabled
authenticationMechanisms: MONGODB-CR
storage:
dbPath: F:\MongoData
The error:
Unrecognized option: security.authenticationMechanisms
is because authenticationMechanisms is not part of the "security" configuration.
As per the documentation:
http://docs.mongodb.org/manual/reference/configuration-options/#security
However, authenticationMechanisms is an option for "setParameter", as per this documentation:
http://docs.mongodb.org/manual/reference/parameters/#param.authenticationMechanisms
I find the documentation convoluted and confusing, but I've not found anything to contradict this, yet.
So, given the above, I think you should be looking at the following:
security:
authorization: enabled
setParameter:
authenticationMechanisms: MONGODB-CR
storage:
dbPath: "F:\MongoData"
Can you ensure there is a space after ":" for the key-value pair lines and also enclose the string values like dbPath value in quotes.
I had an extremely similar error when trying to setup SSL, searching for my problem this was the only relevant result, but was not the solution that was required.
I had a problem with the error:
"Unrecognized option: net.ssl.mode"
The issue was the mongodb version. I had installed using brew which does not default to mongodb with ssl support. To fix this the I had to use the --with-openssl flag.
brew install mongodb --with-openssl
Ensure the configuration file uses ASCII encoding. mongod does not support configuration files with non-ASCII encoding, including UTF-8.
Also make sure your header isn't commented out
security not #security