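I set up a MongoDB database secured with SSL on an Ubuntu 16.04.5 LTS server, and I have been using it for a few months. To set up SSL on mongo, I followed Rajan Maharjan's tutorial on medium.com (link). Returning to my server after a short period of not using it, I got the following error message: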
SSL peer certificate validation failed: certificate has expired
Looking at the mongo log, I found:
[PeriodicTaskRunner] Server certificate is now invalid. It expired on 2018-11-10T08:10:11.000Z
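So, following the same steps as when I first created the certificates, I regenerated and re-signed all the certificates using the rootCA.key file. I restarted mongod: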
service mongod restart
Now I get a "self signed certificate" error:
MongoDB shell version v4.0.2
connecting to: mongodb://IP:port/
2018-11-21T13:11:10.584+0000 E NETWORK [js] SSL peer certificate validation failed: self signed certificate
2018-11-21T13:11:10.584+0000 E QUERY [js] Error: couldn't connect to server IP:port, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: self signed certificate :
connect@src/mongo/shell/mongo.js:257:13
@(connect):1:6
exception: connect failed
My connection string is as follows:
mongo --ssl --sslCAFile /PATH/TO/rootCA.pem --sslPEMKeyFile /PATH/TO/mongodb.pem --host IP:port
I haven't found any resources on re-signing MongoDB certificates. Any help would be greatly appreciated.
/etc/mongod.conf:
# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: PORT
  bindIp: IP
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
    CAFile: /etc/ssl/rootCA.pem

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

#security:
security:
  authorization: "enabled"

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:
/etc/ssl/
Common Name (eg, YOUR name) []
Thanks to @AniketMaithani for trying to help me solve this problem.
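Added example, not part of the original post: a diagnostic for the two errors quoted above ("certificate has expired" and "self signed certificate") that checks a certificate's expiry, compares its subject with its issuer, and verifies it against the CA file. The helpers `check_cert` and `make_demo_pki` are hypothetical names, and the throwaway CA, subjects and file names are constructed so the script runs offline.

```shell
# Constructed example: all file names and subject names below are made up.
# check_cert CAFILE CERTFILE (hypothetical helper): prints one line per check
# and returns the number of checks that failed.
check_cert() {
    cc_ca=$1; cc_cert=$2; cc_failed=0
    cc_end=$(openssl x509 -in "$cc_cert" -noout -enddate)
    # 1. Expiry: -checkend 0 exits non-zero once notAfter has passed.
    if openssl x509 -in "$cc_cert" -noout -checkend 0 >/dev/null; then
        echo "expiry: ok ($cc_end)"
    else
        echo "expiry: EXPIRED ($cc_end)"; cc_failed=$((cc_failed + 1))
    fi
    # 2. Names: subject equal to issuer is the mark of a self-signed
    #    certificate, so flag it when it shows up on a server certificate.
    cc_subj=$(openssl x509 -in "$cc_cert" -noout -subject | sed 's/^subject= *//')
    cc_issr=$(openssl x509 -in "$cc_cert" -noout -issuer | sed 's/^issuer= *//')
    if [ "$cc_subj" = "$cc_issr" ]; then
        echo "names: subject == issuer ($cc_subj)"; cc_failed=$((cc_failed + 1))
    else
        echo "names: ok (subject: $cc_subj / issuer: $cc_issr)"
    fi
    # 3. Chain: the certificate must verify against the CA file that the
    #    server (CAFile) and the client (--sslCAFile) are given.
    if openssl verify -CAfile "$cc_ca" "$cc_cert" >/dev/null 2>&1; then
        echo "chain: ok"
    else
        echo "chain: does not verify against $cc_ca"; cc_failed=$((cc_failed + 1))
    fi
    return "$cc_failed"
}

# make_demo_pki DIR (hypothetical helper): throwaway CA plus one server
# certificate signed by it, so the checks can run offline.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
        -keyout "$1/rootCA.key" -out "$1/rootCA.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=db.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 30 -CA "$1/rootCA.pem" \
        -CAkey "$1/rootCA.key" -CAcreateserial -out "$1/server.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" && check_cert "$demo_dir/rootCA.pem" "$demo_dir/server.pem"
rm -rf "$demo_dir"
```

On the server in the question the arguments would be /etc/ssl/rootCA.pem and /etc/ssl/mongodb.pem, the CAFile and PEMKeyFile from mongod.conf.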