2

For testing I have set up a MongoDB server which allows SSL connections without a certificate. I am able to connect in this way using RoboMongo and the mongo-c-driver, however when I try Java I get: {javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}

I tried setting the socket factory to use default socket but I get: com.mongodb.MongoInternalException: SSL is enabled but the socket is not an instance of javax.net.ssl.SSLSocket

How can I make this connection?

sagioto

1 Answer

0

So based on general SSL and this answer by ZZ Coder

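```java
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import com.mongodb.MongoClient;
import com.mongodb.MongoClientOptions;

// Client setup: SSL enabled, using the trust-everything socket factory defined below.
MongoClient mongoClient = new MongoClient(serverAddress,
        Collections.singletonList(mongoCredential),
        MongoClientOptions.builder().sslEnabled(true).socketFactory(getNoopSslSocketFactory()).build());


// Returns a socket factory whose TrustManager performs no certificate checks:
// the connection is encrypted, but the server's identity is never verified.
private static SSLSocketFactory getNoopSslSocketFactory() {
    SSLContext sslContext;
    try {
        sslContext = SSLContext.getInstance("SSL");

        // set up a TrustManager that trusts everything
        sslContext.init(null, new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }}, new SecureRandom());
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        // LOG is the enclosing class's logger
        LOG.error("Couldn't create SSL Context for MongoDB connection", e);
        throw new RuntimeException(e);
    }
    return sslContext.getSocketFactory();
}
```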

Community
sagioto
  • The connection is still encrypted using SSL but there's no trust certificate so both sides are not sure who they communicate with. I agree that this is far less secure, but this is a configuration which can be used for MongoDB and I needed to test it. Of course, both of my instances are in a test environment and using test data and this is in no way a production setup; as I mentioned, it is part of a test, which tests a valid use case. Not sure why you would get upset over this @EJP – sagioto May 11 '17 at 13:43