Hi
I have an issue with TLS configuration. I configured TLS according to the documentation (tls, mode, certificateKeyFile and CAFile). I have two files: key.pem, which contains the private key and certificate, and ca.pem, which has the root CA certificate. MongoDB is working and so on. However, I have a problem connecting to the server through mongosh. I'm passing the parameters --tls, --tlsCertificateKeyFile and --tlsCAFile during connection.
If I provide tlsCertificateKeyFile with the certificate only, an error appears: MongoServerSelectionError: error:1E08010C:DECODER routines::unsupported
If I provide the private key only, an error appears: MongoServerSelectionError: error:0480006C:PEM routines::no start line
If I use --tlsCertificateKeyFile with a file that contains the private key and certificate, mongosh is able to connect to the server. This solution seems strange to me, because for the connection I have to pass the cert and private key. I am used to passing only the certificate chain without the private key. The private key is reserved for the server only in this case.
Can someone explain this case to me? Or maybe I am doing something wrong?
chris
(Chris Dellaway)
2
First of all, thanks for your reply.
I saw the allowConnectionsWithoutCertificates parameter, but I also saw that it is only a bypass.
I understand that there isn't another way to pass the public certificate only, without the private key?
If everything I'm writing is true, then we have to treat TLS more as encryption than authorization.
chris
(Chris Dellaway)
4
I would not classify it as a bypass.
This is the most common scenario of TLS. The client connects without presenting a certificate.
The client still has to verify and trust the server certificate.
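Added example, not part of any post in this thread: a small checker that lists the PEM blocks in a file, so you can tell before connecting whether a file passed as --tlsCertificateKeyFile holds both a certificate and a private key (the only combination that worked in the first post) and whether a CA file accidentally carries a private key. The function names and the sample PEM text are constructed for illustration.

```python
import re
import sys

# Label of every PEM boundary line, e.g. "-----BEGIN CERTIFICATE-----".
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Constructed sample data: the base64 body is a placeholder, not real key material.
BODY = "Q09OU1RSVUNURUQ=\n"
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\n" + BODY + "-----END PRIVATE KEY-----\n"


def pem_labels(text):
    """Return the labels of all PEM blocks in text, in file order."""
    return PEM_BEGIN.findall(text)


def has_private_key(labels):
    # Covers PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
    return any(label.endswith("PRIVATE KEY") for label in labels)


def check_certificate_key_file(text):
    """Classify the contents of a file meant for --tlsCertificateKeyFile."""
    labels = pem_labels(text)
    has_cert = "CERTIFICATE" in labels
    if has_cert and has_private_key(labels):
        return "ok"
    if has_cert:
        return "missing private key"
    if has_private_key(labels):
        return "missing certificate"
    return "no PEM blocks"


def check_ca_file(text):
    """A CA file should hold certificates only, never a private key."""
    labels = pem_labels(text)
    if has_private_key(labels):
        return "contains private key"
    return "ok" if "CERTIFICATE" in labels else "no certificate"


if __name__ == "__main__":
    # Usage: python check_pem.py key.pem ca.pem (falls back to the samples).
    if len(sys.argv) == 3:
        key_text, ca_text = (open(p).read() for p in sys.argv[1:3])
    else:
        key_text, ca_text = SAMPLE_CERT + SAMPLE_KEY, SAMPLE_CERT
    print("certificateKeyFile:", check_certificate_key_file(key_text))
    print("CAFile:", check_ca_file(ca_text))
```

The check only looks at PEM block labels; it does not verify that the key matches the certificate or that the chain validates against the CA.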