migrate-from-parse-to-mongodb-cloud-manager-and-aws

64 views
Skip to first unread message

ankit chauhan

unread,
Apr 22, 2016, 7:17:19 AM4/22/16
to mongodb-user

Hello,
I am trying to migrate my Parse DB to AWS using MongoDB Cloud manager, I have setup the instances by following the tutorial "https://www.mongodb.com/migrate-from-parse-to-mongodb-cloud-manager-and-aws", I did following steps :

1. I created Replica set
2. I set the mongoDB version to 3.0.9
3. I also set the failIndexKeyTooLong=false
4. I also created the user and database

But when I am trying to configure "Authentication & Users", I am getting the following error :

"Failure dialing host after 255us. Skipping all `MongoDB Non-Blocking` tasks. Distinguished Name (DN) of Subject from SSL client certificate could not be determined. Consider setting the `sslClientCertificateSubject` property as the subject line from the following command: openssl x509 -in </path/to/cert> -subject -nameopt rfc2253 Err: Unsupported attribute type: 1.2.840.113549.1.9.1 at monitoring-agent/components/conf.go:117 at monitoring-agent/components/conf.go:78 at monitoring-agent/components/conf.go:158 at monitoring-agent/components/bus.go:362 at monitoring-agent/components/bus.go:391 at monitoring-agent/components/bus.go:337 at src/runtime/asm_amd64.s:1696"

I have created the certificates at all the three instances by using the following commands :

Step 1 : sudo openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
Step 2 : sudo cat mongodb-cert.key mongodb-cert.crt > mongodb.pem


Kindly help me out where did I made the mistake, and how to generate the correct certificate so that It can be authenticated.
I am always getting "Network error" from Parse when I try to migrate it.




Thanks

Markus Thielsch

unread,
May 3, 2016, 2:19:38 AM5/3/16
to mongodb-user

Hi Ankit,

It has been a while since you posted this question. Were you able to resolve the problems you had with setting up SSL?

From the error message you posted it seems there is a problem with the Client Certificate DN:


Distinguished Name (DN) of Subject from SSL client certificate could not be determined.

The Client Certificate DN should contain the following attributes: Organization (O), the Organizational Unit (OU) or the Domain Component (DC) and should not match the DN of a member certificate. Please review our X509 certificate documentation for clients and our X509 certificate documentation for members. Ensure that the certificate is correctly set up for each instance. Please also review our documentation on how to enable SSL for a deployment.

Also helpful could be our Step-by-Step Parse Migration Plan Webinar.

Regards,
Markus

Attila Tozser

unread,
Oct 4, 2016, 2:59:58 PM10/4/16
to mongodb-user
The error is about when you sign the certificate it is creating an emailAddress attribute in the DN. Try to exclude that and it will work.
Reply all
Reply to author
Forward
0 new messages