我已经MongoDB通过可选的 SSL 连接启用了 SSL :preferred.
我曾经lets encrypt为了获取SSL证书而使用过。SSLs 按预期工作,在mongod.log文件中我可以看到:
2018-06-02T06:46:26.664+0000 I NETWORK [listener] connection accepted from MY_SERVER_IP:45442 #2953818 (121 connections now open)
2018-06-02T06:46:26.664+0000 I NETWORK [conn2953818] SSL mode is set to 'preferred' and connection 2953818 to MY_SERVER_IP:45442 is not using SSL.
现在在同一台主机上,我尝试使用如下 mongo 客户端命令连接到 mongo:
mongo --ssl --host mongo.example.com --sslPEMKeyFile /etc/ssl/mongo.pem --sslCAFile /etc/ssl/ca.pem
当我使用SSLmongo 时出现错误:
MongoDB shell version v3.6.2
connecting to: mongodb://mongo.example.com:27017/
2018-06-02T06:48:34.156+0000 E NETWORK [thread1] SSL peer certificate validation failed: unable to get issuer certificate
2018-06-02T06:48:34.164+0000 E QUERY [thread1] Error: socket exception [CONNECT_ERROR] for SSL peer certificate validation failed: unable to get issuer certificate :
connect@src/mongo/shell/mongo.js:251:13
@(connect):1:6
exception: connect failed
为什么它会报告unable to get issuer certificate?我错过了介于两者之间的东西吗?有人可以对此有所了解吗?
编辑1:
我也尝试了以下命令并得到了错误network error:
root@example2:~# mongo --ssl --host='mongo.domain.com' --port=27017
MongoDB shell version: 3.2.11
connecting to: mongo.domain.com:27017/test
2018-06-02T08:31:13.501+0000 E QUERY [thread1] Error: network error while attempting to run command 'isMaster' on host 'mongo.domain.com:27017' :
connect@src/mongo/shell/mongo.js:231:14
@(connect):1:6
exception: connect failed
现在得到错误network error while attempting to run command 'isMaster' on host。
在 MongoDB 服务器日志中,它报告说:
Error receiving request from client: SSLHandshakeFailed: SSLHandshakeFailed. Ending connection from 127.0.0.1:32793 (connection id: 358957)
| 归档时间: |
|
| 查看次数: |
10625 次 |
| 最近记录: |