SSL required, with self-signed certs: why does https return error & http return collection?


theship

21 May 2015, 19:24:29
to mongod...@googlegroups.com
I'm trying to discover what critical bit of information I've overlooked in implementing SSL. I've looked at the docs, run through some tutorials, but am getting unexpected results in my dev environment.

Here are the overall steps I've taken:

---
certs:
---
* Generated my own CA
- CN=localhost
* Generated a server cert with my own CA
- cat my-server.crt.pem my-server.key.pem > mongodb.pem
- CN=127.0.0.1
* Generated a client cert with my own CA
- cat my-client.crt.pem my-client.key.pem > dbclient.pem
- CN=127.0.0.1

---
server:
---
* Created a mongo.conf file with the following SSL options
sslMode = requireSSL # do not permit non-SSL connections
sslPEMKeyFile = ./ssl/mongodb.pem
sslPEMKeyPassword = ... # password (to decrypt private key)
sslCAFile = ./ssl/my-private-root-ca.crt.pem 

>>>> mongod --config mongodb.conf

---
client
---
Added SSL to my index.js file:
...
var https = require('https'),
    fs = require('fs'); 
...
app.use(methodOverride('X-HTTP-Method-Override')); //ability to use put, etc.
...
// For the moment, allowing just about everything for now for CORS origin, methods, and headers
...
var config = {
    mongo: {
        host: "localhost",
        port: 27017,
        db: "test"
    }
};

var dbstring = "mongodb://" + config.mongo.host + ":" + config.mongo.port +
    "/" + config.mongo.db;

var dboptions = {
    server: {
        // mongo -ssl -sslPEMKeyFile ./ssl/dbclient.pem -sslCAFile ./ssl/my-private-root-ca.crt.pem
        ssl: true,
        // sslCert: fs.readFileSync('./ssl/my-client.key.pem') also works
        sslCert: fs.readFileSync('./ssl/dbclient.pem'),
        sslKey: fs.readFileSync('./ssl/my-client.key.pem')
    }
};

mongoose.connect(dbstring, dboptions);
mongoose.connection.once('open', function() {
...
    console.log('Secure Express server listening on port 27017...');
    app.listen(27017);

});


>>>> node index.js

---
Results:
---

Server log says:
    connection accepted from 127.0.0.1:56039 #46 (1 connection now open)

In Chrome browser, https://localhost:27017/collection1 results in ERR_CONNECTION_CLOSED

But http://localhost:27017/collection1 returns the collection

---
Expected:
---
http request to result in ERR_CONNECTION_CLOSED and https to return collection (after cert is accepted in browser, of course)

Any suggestions as to what is missing or how I can get more information as to what is going wrong?

Much appreciated!

Stephen Steneker

22 May 2015, 07:48:24
to mongod...@googlegroups.com, jubur...@gmail.com
On Friday, 22 May 2015 09:24:29 UTC+10, theship wrote:
I'm trying to discover what critical bit of information I've overlooked in implementing SSL. I've looked at the docs, run through some tutorials, but am getting unexpected results in my dev environment.

Hi,

It looks like you may be confusing the SSL configuration between your application & MongoDB with configuring SSL between the browser and your application. It seems you want to set up both connections with SSL, but only have the first part (app <=> MongoDB) configured correctly.

The options below are for your application to connect to MongoDB over SSL:
 
var dbstring = "mongodb://" + config.mongo.host + ":" + config.mongo.port +
    "/" + config.mongo.db;

var dboptions = {
    server: {
        // mongo -ssl -sslPEMKeyFile ./ssl/dbclient.pem -sslCAFile ./ssl/my-private-root-ca.crt.pem
        ssl: true,
        // sslCert: fs.readFileSync('./ssl/my-client.key.pem') also works
        sslCert: fs.readFileSync('./ssl/dbclient.pem'),
        sslKey: fs.readFileSync('./ssl/my-client.key.pem')
    }
};

... 
    console.log('Secure Express server listening on port 27017...');
    app.listen(27017);

Your app is listening on port 27017, which is probably a mistake since this is also the port your local MongoDB server is listening on. You should choose a distinct port from the MongoDB server.


In Chrome browser, https://localhost:27017/collection1 results in ERR_CONNECTION_CLOSED

The default app.listen() helper is a wrapper for http.createServer(); you need to call https.createServer() instead.

For an example of listening on https, check the documentation for the version of Express you are using, e.g.: http://expressjs.com/api.html#app.listen.

Regards,
Stephen

theship

22 May 2015, 14:05:08
to mongod...@googlegroups.com, jubur...@gmail.com
Ha! I did think that I could check the connection before I moved on to the app jwt auth side of things. Thanks much, Stephen!

Also, there are some fundamental issues, tests, and fixes with this mongodb <=> app side of things that jww pointed out on Stack Overflow. (I hope that these questions and answers will help others until there's a solid end-to-end tutorial or video or something.)

Regards!