0

I want to connect to a SSL enabled mongoDB cluster via my dropwizard service. I am unable to find relevant documentation regarding the same. I do have the .pem file with me

I have tried following: https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/ but it only mentions the command line commands, nothing about configs: mongo --ssl --host hostname.example.com --sslCAFile /etc/ssl/ca.pem

    dbName: "test"
    username: "${mongo_test_user_name}"
    password: "${mongo_test_password}"
    writeConcern: "someValue"
    readPreference: "someValue"
    maxConnectionsPerHost: 10
    threadsAllowedToBlockForConnectionMultiplier: 3
    serverSelectionTimeout: -2

I am not sure what should I add in config and application, configuration to make this work

DevToCode
  • 11
  • 5
  • Check this section of the manual you have cited: https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/#mongodb-drivers Take a closer look at the contents just after the beginning of the document. The link in the section leads to: http://mongodb.github.io/mongo-java-driver/3.0/driver/reference/connecting/ssl/ IMO it is what you need to learn. – zloster May 15 '19 at 06:33
  • @zloster. Thank you, I followed it and added url - made some progress. Now I get error ```! java.security.cert.CertificateException: No subject alternative names present```. please help, how can we fix this - looks like there is something wrong with certificate common name. but I checked the certificate and it has ip address and that is what I am passing in my application – DevToCode May 16 '19 at 21:44
  • You could provide an answer to your own question detailing the steps which helped you to make progress. About the certificate problems: solving this kind of problem requires careful inspections. Take a look for example here: https://stackoverflow.com/questions/10258101/sslhandshakeexception-no-subject-alternative-names-present The usual `quick and dirty hack/workaround` is the modification of the `HostnameVerifier` implementation. – zloster May 20 '19 at 07:13
  • @zloster Well, I just made ```sslEnabled=true``` in the url. I checked this stackoverflow question and it does not help. I also get ```sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target``` Please help – DevToCode May 21 '19 at 12:03
  • Search for the error message you cited. There is plenty of information about the topic. – zloster May 22 '19 at 06:13

0 Answers0