connect mongodb via java using SSL
307 views
Skip to first unread message
Jim Largent
Dec 13, 2017, 1:41:05 PM12/13/17
to mongodb-user
I'm attempting to connect to a mongodb instance that uses SSL. I've followed the examples I've seen on the net and have a very simple program to attempt the connection.
NOTE: The specific machines and users have been replaces with <user name> and <server address>
MongoClientURI mongo = new MongoClientURI("mongodb://<user name>@<server address>/database?ssl=true,authMechanism=MONGODB-X509");
MongoClient client = new MongoClient(mongo);
ListDatabaseIterable<Document> db = client.listDatabase();
for (Document d :db){
System.out.println("Database " + d);
}
when I run this I get in the mongo server log:
connection accepted from <server address>
no SSL certificate provided by peer; connection rejected
On the Java client side, I get the following error:
com.mongodb.MongoSocketReadException: Prematurely reached end of stream
Looking at the SSL Debug output, I see
"Warning: no suitable certificate found - cointinuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
Based on everything I've read the code should work, so I suspect a certificate problem, but there are other parts of the project that is authenticating just find with Mongo, from nodejs and scala.
I'm not a SSL expert by any means, but it seems like the client certificate is not getting picked up by mongo client or at least not sending. Any suggestions would be greatly appreciated.
I have seen the messages about setting the maxConnectionIdleTimeout and I've tried it and it didn't make a difference.
NOTE: The specific machines and users have been replaces with <user name> and <server address>
MongoClientURI mongo = new MongoClientURI("mongodb://<user name>@<server address>/database?ssl=true,authMechanism=MONGODB-X509");
MongoClient client = new MongoClient(mongo);
ListDatabaseIterable<Document> db = client.listDatabase();
for (Document d :db){
System.out.println("Database " + d);
}
when I run this I get in the mongo server log:
connection accepted from <server address>
no SSL certificate provided by peer; connection rejected
On the Java client side, I get the following error:
com.mongodb.MongoSocketReadException: Prematurely reached end of stream
Looking at the SSL Debug output, I see
"Warning: no suitable certificate found - cointinuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
Based on everything I've read the code should work, so I suspect a certificate problem, but there are other parts of the project that is authenticating just find with Mongo, from nodejs and scala.
I'm not a SSL expert by any means, but it seems like the client certificate is not getting picked up by mongo client or at least not sending. Any suggestions would be greatly appreciated.
I have seen the messages about setting the maxConnectionIdleTimeout and I've tried it and it didn't make a difference.
Wan Bachtiar
Dec 14, 2017, 1:06:11 AM12/14/17
to mongodb-user
Any suggestions would be greatly appreciated.
Hi Jim,
Are you able to connect via mongo shell ?
Assuming that you’re trying to connect to MongoDB instance that requires client certificate, you will need to set several JVM system properties related to javax.net.ssl.
See also MongoDB Java Driver Tutorial SSL and related discussion thread: https://groups.google.com/forum/#!topic/mongodb-user/9oEJZTK_2ik
Regards,
Wan.
Jim Largent
Dec 14, 2017, 7:11:07 AM12/14/17
to mongodb-user
Thanks for the reply. After sleeping on it, I created new certs and replaced the ones I was using and suddenly it works. Although the original certs looked fine in keytool, there must have been some error or corruption of the file that was causing the problem.
Reply all
Reply to author
Forward
0 new messages