I have a mongodb server v 3.2 configured to use ssl for client connections, with a custom-generated certificate.
I can connect to the server using mongo.exe with the following format:
C:\mongodb\bin>mongo.exe myhost:27017/mydb --sslPEMKeyFile
C:\etc\ssl\mongodb.pem --ssl --username myuser --password mypassword
--sslAllowInvalidCertificates
Is it possible to write an equal mongodb connection string (mongodb://....)?
According to the documentation, there is the only ssl parameter, that seems to be not enough.
Could you try to connect to mongo.exe with the parameter like below:
"mongodb://myuser:mypassword#myhost:27017/mydb?ssl=true&sslAllowInvalidCertificates=true&sslPEMKeyFile=C:/etc/ssl/mongodb.pem"
This works:
mongo --host server --ssl --sslCAFile C:\Path\mongodb-server.pem
--sslPEMKeyFile C:\Path\mongodb-client.pem --sslPEMKeyPassword
password -u user -p --authenticationDatabase admin
Related
i am getting issue while getting mongodump . i have mongodb 4.4 having ssl/Tls enabled for server side as well as for client.
but while taking dump getting the following Error:
2021-03-11T15:57:55.639+0530 Failed: can't create session: error configuring the connector: error configuring client, can't load client certificate: tls: private key type does not match public key type
although i am able to login with mongo shell.
mongo -u ms -p --authenticationDatabase "admin" --tls --tlsCAFile /etc/mongodb/ssl/ca-mongo.crt --tlsCertificateKeyFile /etc/mongodb/ssl/host1.pem --host host1
Add --tlsAllowInvalidHostnames to the command. It disables the validation of the hostnames
Full command
mongo -u ms -p --authenticationDatabase "admin" --tlsAllowInvalidHostnames --tls --tlsCAFile /etc/mongodb/ssl/ca-mongo.crt --tlsCertificateKeyFile /etc/mongodb/ssl/host1.pem --host host1
https://docs.mongodb.com/manual/reference/program/mongo/#cmdoption-mongo-tlsallowinvalidhostnames
If you are using version 4.2 or below then you have to use --sslAllowInvalidHostnames. https://docs.mongodb.com/manual/reference/program/mongo/#cmdoption-mongo-tlsallowinvalidhostnames
i tried to create a dump of a mongodb database on remote server which is running centos,nginx,mongodb v4.0.18 using the following command..
mongodump --host localhost:27017 --authenticationDatabase admin --username <uname> --password <password> --db <db> --out <path to dump>
but im getting the following error
Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
I just replaced --host localhost:27017 for --port 27017. My db is in localhost too. I omitted --db <db> --out <path to dump> too. I point to my db with the --authenticationDatabase flag.
I hope this helps.
Using MongoAtlas and trying to run mongorestore and I am getting the following error.
Failed: error connecting to db server: no reachable servers
I am using the command Atlas proposes.
mongorestore --host BStaging-shard-0/bstaging-shard-00-00-lq11i.mongodb.net:27017,bstaging-shard-00-01-lq11i.mongodb.net:27017,bstaging-shard-00-02-lq11i.mongodb.net:27017 --ssl --username heroku --password "VN" --authenticationDatabase admin
2019-04-14T11:02:31.336-0500
Failed: error connecting to db server: no reachable servers
Fixed:
Updated MongoDB community Shell
Changed bash_profile to point to new shell
Changed bash_profile to point to new mongo db community4.0
(/usr/local/opt/mongodb-community#4.0/bin:/usr/local/opt/mongodb-community-shell/bin:$PATH)
source bash_profile
reconnect to mongo
mongo "mongodb://staging-shard-00-00-dgdr.mongodb.net:27017,staging-shard-00-01-dgdr.mongodb.net:27017,staging-shard-00-02-dgdr.mongodb.net:27017/test?replicaSet=Staging-shard-0" --ssl --authenticationDatabase admin --username me --password pwd
restore
mongorestore --host Staging-shard-0/staging-shard-00-00-dgdr.mongodb.net:27017,staging-shard-00-01-dgdr.mongodb.net:27017,staging-shard-00-02-dgdr.mongodb.net:27017 --ssl --username me --password pwd --authenticationDatabase admin
mongoexport --host=hostname --port=27017 --db=dbname --collection=
collection_name --out=path/data.json
Here is the error which I'm getting
error connecting to db server: no reachable servers
you need to fill a remote hostname or a remote ip, username and password if required.
mongoexport --host hostname --port 27017 --username user --password "pass" --collection collectionName --out=path/data.json
try read the official mongodb docs
Getting mongodump and mongorestore work with security quite troublesome.
I have mongod v3.4.1 with requireSSL running at 192.168.99.100. It is IP address of VirtualBox docker machine running on my Windows. It is just for testing of-cause.
The instance already configured to use TLS/SSL both server and client signed with the same CA. I use the IP address for mongod Common Name to allow hostname validation. The authentication already enabled to accept my client certificate.
So everything is working. I can connect to it like this:
mongo --ssl --host 192.168.99.100 --sslCAFile rootCA.pem --sslPEMKeyFile me.pem
but now I can't get both mongodump and mongorestore working:
mongodump --ssl --host 192.168.99.100 --sslCAFile rootCA.pem --sslPEMKeyFile me.pem -d olddb
mongorestore --ssl --host 192.168.99.100 --sslCAFile rootCA.pem --sslPEMKeyFile me.pem -d newdb --dir=dump/olddb
Both return this error:
2017-01-13T04:28:03.881+0800 Failed: error connecting to db server: no reachable servers, openssl error: Host validation error
I have been trying to turn off client certificate, use username/password but still did not work. I need to remove the SSL in order to make it work.
That means I can only use preferSSL in production.
There is no way to bypass SSL in localhost if I stick with requireSSL.
Anyone getting the same error? Is it a known issue?
Add this option to the command-line:
--sslAllowInvalidHostnames
Full connection sample:
mongo --host 192.168.99.100 --username luke
--password skywalker --authenticationDatabase admin --ssl --sslCAFile rootCA.pem --sslPEMKeyFile me.pem --sslAllowInvalidHostnames
First check your logs at path /var/log/mongodb/mongod.log
Also there is default path of SSL Certificates. And for unix based systems given an SSL certificate located at /etc/ssl/mongodb.pem
As per my understanding for this problem, i would say certificate path needs to be checked. SSL certificate is not located in your windows environment. Try adding full path of certificate.
Also look into this https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/
Happy coding