  1. #Root CA key
  2. openssl genrsa -out rootCA.key 2048
  3.  
  4. #Root CA crt
  5. openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -subj "/C=US/ST=CA/L=Santa Monica/O=test/OU=IT/CN=127.0.0.1:27117"
  6.  
  7. #Mongodb key
  8. openssl genrsa -out mongodb.key 2048
  9.  
  10. #Mongodb csr
  11. openssl req -new -key mongodb.key -out mongodb.csr -subj "/C=US/ST=CA/L=Santa Monica/O=test/OU=IT/CN=127.0.0.1:27117"
  12.  
  13. #Mongodb crt
  14. openssl x509 -req -in mongodb.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mongodb.crt -days 500 -sha256
  15.  
  16. #PEM files
  17. cat mongodb.key mongodb.crt rootCA.crt > mongodb.pem
  18. cat rootCA.key rootCA.crt > rootCA.pem
  19.  
  20. # Clean
  21. rm mongo.pkc mongo-truststore
  22.  
  23. # Add mongo to keystore
  24. openssl pkcs12 -CAfile rootCA.pem -export -in mongodb.pem -out mongo.pkc -password pass:test12
  25.  
  26. # Add root ca to trust store
  27. echo "y" | keytool -importcert -trustcacerts -file rootCA.crt -keystore mongo-truststore -storepass test12
  28.  
  29. docker run -d
  30. --name testmongo
  31. -e MONGO_INITDB_ROOT_USERNAME=test
  32. -e MONGO_INITDB_ROOT_PASSWORD=test12
  33. -e MONGODB_DBNAME=testdb
  34. -v $sslpath:/etc/ssl/
  35. -p 27117:27017
  36. mongo:3.6
  37. --sslMode requireSSL
  38. --sslPEMKeyFile /etc/ssl/mongodb.pem
  39. --auth
  40.  
  41. -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=local-files/ssl/mongo.pkc -Djavax.net.ssl.keyStorePassword=test12 -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStore=local-files/ssl/mongo-truststore -Djavax.net.ssl.trustStorePassword=test12 -Djavax.net.debug=true
  42.  
  43. com.mongodb.MongoSocketWriteException: Exception sending message
  44. at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:465)
  45. at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:208)
  46. at com.mongodb.connection.CommandHelper.sendMessage(CommandHelper.java:89)
  47. at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32)
  48. at com.mongodb.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:85)
  49. at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:45)
  50. at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:116)
  51. at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:113)
  52. at java.lang.Thread.run(Thread.java:745)
  53. Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
  54. at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
  55. at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
  56. at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
  57. at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
  58. at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
  59. at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
  60. at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
  61. at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
  62. at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
  63. at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
  64. at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
  65. at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
  66. at com.mongodb.connection.SocketStream.write(SocketStream.java:75)
  67. at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:204)
  68. ... 7 more
  69. Caused by: java.security.cert.CertificateException: No subject alternative names present
  70. at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144)
  71. at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
  72. at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
  73. at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
  74. at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
  75. at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
  76. at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
  77. ... 16 more
  78.  
// Both snippets below switch off host name verification for every HttpsURLConnection in the JVM.
// They do not address the failure in the trace above: that check runs inside the SSLSocket
// handshake used by the driver (X509TrustManagerImpl.checkIdentity -> HostnameChecker.matchIP),
// a path on which HttpsURLConnection's default verifier is not consulted. And a verifier that
// always answers true lets any certificate the trust store accepts be presented for any host.
// The actual fix is to issue the server certificate with a subjectAltName, as the -extfile
// command at the end of this paste does.
HttpsURLConnection.setDefaultHostnameVerifier(
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)

javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
override def verify(hostname: String, sslSession: SSLSession): Boolean = {
// hostname == "127.0.0.1"
// Unconditionally true accepts every host name. The commented comparison above would not
// help either: it never looks at the certificate in sslSession, only at the requested name.
true
}
})
  88.  
  89. openssl x509 -req -in mongodb.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mongodb.crt -days 500 -sha256
  90.  
  91. openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -in mongodb.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mongodb.crt -days 500 -sha256