Login
There was a problem loading the comments.

How to Update MongoDB Certificates

Support Portal  »  Knowledgebase  »  Viewing Article
  Print

Original Question

or Issue:

 Certificates have expired for MongoDB and we just reissued them.  Now unable to connect to MongoDB and the database is down.

Environment:
  • Product - FileCloud on-prem
  • Version - Any
  • Platform - Any
Steps to Reproduce:  
Error or Log Message:  

Defect or

Enhancement Number:

  
Cause: Certificates were not copied correctly.

Resolution or

Workaround:

Replacing certificates in MongoDB can be a complex process.  Below are steps to replace.  The notes section has more information.  Please contact support with additional questions.

  • Copy to each node the CA certificate file: mongoCA.crt
  • Copy each self-signed certificate <hostname>.pem into the relative member

  • Create on each member a directory that only the MongoDB user can read, and copy both files there

    OS Linux Command
     

    $ sudo mkdir -p /etc/mongodb/ssl
    $ sudo chmod 700 /etc/mongodb/ssl
    $ sudo chown -R mongod:mongod /etc/mongodb
    $ sudo cp mongossl1.pem /etc/mongodb/ssl
    $ sudo cp mongoCA.crt /etc/mongodb/ssl

  • Copy these files to all web nodes and make sure apache has access:

    /etc/ssl/filecloud-mongo.pem
    /etc/ssl/mongoCA.crt

Change the configuration file /etc/mongod.conf on each host adding the following rows:

     OS Linux Command
net:
    ssl:
       mode: requireSSL
       PEMKeyFile: /etc/mongodb/ssl/mongossl1.pem
       CAFile: /etc/mongodb/ssl/mongoCA.crt

 

Restart Mongod Daemon:

$ Systemctl restart mongod
Notes:  Configuring TLS/SSL and Authentication for MongoDB Cluster (filecloud.com)
Share via

Related Articles

Self-Hosted Help Desk Software by SupportPal

Categories

Tags

© FileCloud