mongodump and mongorestore with SSL
Solution 1
Add this option to the command-line:
--sslAllowInvalidHostnames
Full connection sample:
mongo --host 192.168.99.100 --username luke --password skywalker --authenticationDatabase admin --ssl --sslCAFile rootCA.pem --sslPEMKeyFile me.pem --sslAllowInvalidHostnames
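Solution 1 switches hostname verification off rather than making the certificate valid for the host. As an added example (not part of the original answers), the script below shows the alternative of putting the IP address in a subjectAltName entry. It assumes the tools' host check, like the OpenSSL IP check used here, matches an IP host only against subjectAltName IP entries and never against the Common Name; the file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: a certificate with the IP only in the CN fails an IP host
# check, while one with a subjectAltName IP entry passes.
# The IP is taken from the question; file names are constructed for this demo.
IP=192.168.99.100
WORK=$(mktemp -d)

# make_cert <name> [extra "openssl req" args...]
# Creates a throwaway self-signed certificate with CN=$IP.
make_cert() {
    name=$1; shift
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$IP" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.pem" \
        "$@" 2>/dev/null
}

# ip_matches <name>
# Succeeds only if the certificate is valid for $IP. OpenSSL compares an IP
# address against subjectAltName IP entries only; the CN is not consulted.
ip_matches() {
    openssl x509 -in "$WORK/$1.pem" -noout -checkip "$IP" |
        grep -q "does match certificate"
}

# Same CN in both; only the second carries the IP as a SAN entry.
make_cert cn_only
make_cert with_san -addext "subjectAltName=IP:$IP"

for c in cn_only with_san; do
    if ip_matches "$c"; then
        echo "$c: $IP accepted"
    else
        echo "$c: $IP rejected"
    fi
done
```

With a server certificate reissued this way by the same CA, the client can keep host validation enabled instead of passing --sslAllowInvalidHostnames.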
Solution 2
First, check your logs at the path /var/log/mongodb/mongod.log
Also, there is a default path for SSL certificates. And for Unix-based systems, given an SSL certificate located at /etc/ssl/mongodb.pem
As per my understanding of this problem, I would say the certificate path needs to be checked. The SSL certificate is not located in your Windows environment. Try adding the full path of the certificate. Also look into this: https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/
Happy coding
CallMeLaNN about 2 years
Getting mongodump and mongorestore to work with security is quite troublesome.
I have mongod v3.4.1 with requireSSL running at 192.168.99.100. It is the IP address of a VirtualBox docker machine running on my Windows. It is just for testing, of course.
The instance is already configured to use TLS/SSL, with both server and client signed with the same CA. I use the IP address for the mongod Common Name to allow hostname validation. Authentication is already enabled to accept my client certificate.
So everything is working. I can connect to it like this:
mongo --ssl --host 192.168.99.100 --sslCAFile rootCA.pem --sslPEMKeyFile me.pem
but now I can't get both mongodump and mongorestore working:
mongodump --ssl --host 192.168.99.100 --sslCAFile rootCA.pem --sslPEMKeyFile me.pem -d olddb
mongorestore --ssl --host 192.168.99.100 --sslCAFile rootCA.pem --sslPEMKeyFile me.pem -d newdb --dir=dump/olddb
Both return this error:
2017-01-13T04:28:03.881+0800 Failed: error connecting to db server: no reachable servers, openssl error: Host validation error
I have tried turning off the client certificate and using username/password, but it still did not work. I need to remove the SSL in order to make it work.
That means I can only use preferSSL in production. There is no way to bypass SSL in localhost if I stick with requireSSL.
Anyone getting the same error? Is it a known issue?