Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Root CA key
- openssl genrsa -out rootCA.key 2048
- #Root CA crt
- openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -subj "/C=US/ST=CA/L=Santa Monica/O=test/OU=IT/CN=127.0.0.1:27117"
- #Mongodb key
- openssl genrsa -out mongodb.key 2048
- #Mongodb csr
- openssl req -new -key mongodb.key -out mongodb.csr -subj "/C=US/ST=CA/L=Santa Monica/O=test/OU=IT/CN=127.0.0.1:27117"
- #Mongodb crt
- openssl x509 -req -in mongodb.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mongodb.crt -days 500 -sha256
- #PEM files
- cat mongodb.key mongodb.crt rootCA.crt > mongodb.pem
- cat rootCA.key rootCA.crt > rootCA.pem
- # Clean
- rm mongo.pkc mongo-truststore
- # Add mongo to keystore
- openssl pkcs12 -CAfile rootCA.pem -export -in mongodb.pem -out mongo.pkc -password pass:test12
- # Add root ca to trust store
- echo "y" | keytool -importcert -trustcacerts -file rootCA.crt -keystore mongo-truststore -storepass test12
- docker run -d
- --name testmongo
- -e MONGO_INITDB_ROOT_USERNAME=test
- -e MONGO_INITDB_ROOT_PASSWORD=test12
- -e MONGODB_DBNAME=testdb
- -v $sslpath:/etc/ssl/
- -p 27117:27017
- mongo:3.6
- --sslMode requireSSL
- --sslPEMKeyFile /etc/ssl/mongodb.pem
- --auth
- -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=local-files/ssl/mongo.pkc -Djavax.net.ssl.keyStorePassword=test12 -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStore=local-files/ssl/mongo-truststore -Djavax.net.ssl.trustStorePassword=test12 -Djavax.net.debug=true
- com.mongodb.MongoSocketWriteException: Exception sending message
- at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:465)
- at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:208)
- at com.mongodb.connection.CommandHelper.sendMessage(CommandHelper.java:89)
- at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32)
- at com.mongodb.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:85)
- at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:45)
- at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:116)
- at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:113)
- at java.lang.Thread.run(Thread.java:745)
- Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
- at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
- at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
- at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
- at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
- at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
- at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
- at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
- at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
- at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
- at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
- at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
- at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
- at com.mongodb.connection.SocketStream.write(SocketStream.java:75)
- at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:204)
- ... 7 more
- Caused by: java.security.cert.CertificateException: No subject alternative names present
- at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144)
- at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
- at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
- at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
- at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
- at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
- at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
- ... 16 more
- HttpsURLConnection.setDefaultHostnameVerifier(
- SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
- javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
- override def verify(hostname: String, sslSession: SSLSession): Boolean = {
- // hostname == "127.0.0.1"
- true
- }
- })
- openssl x509 -req -in mongodb.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mongodb.crt -days 500 -sha256
- openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -in mongodb.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mongodb.crt -days 500 -sha256
Add Comment
Please, Sign In to add comment