Print
|
Original Question
or Issue:
|
Certificates have expired for MongoDB and we just reissued them. Now unable to connect to MongoDB and the database is down. |
|
Environment:
|
- Product - FileCloud on-prem
- Version - Any
- Platform - Any
- Application - MongoDB
|
| Steps to Reproduce: |
|
| Error or Log Message: |
|
|
Defect or
Enhancement Number:
|
|
| Cause: |
Certificates were not copied correctly. |
|
Resolution or
Workaround:
|
Replacing certificates in MongoDB can be a complex process. Below are steps to replace. The notes section has more information. Please contact support with additional questions.
- Copy to each node the CA certificate file: mongoCA.crt
- Copy each self-signed certificate <hostname>.pem into the relative member
-
Create on each member a directory that only the MongoDB user can read, and copy both files there
| OS |
Linux Command |
| |
$ sudo mkdir -p /etc/mongodb/ssl
$ sudo chmod 700 /etc/mongodb/ssl
$ sudo chown -R mongod:mongod /etc/mongodb
$ sudo cp mongossl1.pem /etc/mongodb/ssl
$ sudo cp mongoCA.crt /etc/mongodb/ssl
|
-
Copy these files to all web nodes and make sure apache has access:
/etc/ssl/filecloud-mongo.pem
/etc/ssl/mongoCA.crt
Change the configuration file /etc/mongod.conf on each host adding the following rows:
OS Linux Command
net:
ssl:
mode: requireSSL
PEMKeyFile: /etc/mongodb/ssl/mongossl1.pem
CAFile: /etc/mongodb/ssl/mongoCA.crt
Restart Mongod Daemon:
$ Systemctl restart mongod
|
| Notes: |
Configuring TLS/SSL and Authentication for MongoDB Cluster (filecloud.com) |
Related Articles
Self-Hosted Help Desk Software by
SupportPal