mongodb-charts ssl data source PRIVATE KEY error


I'm trying to connect to an SSL protected Mongo DB instance running a service from a local MongoDB-charts deployment. I got a local Mongo running as metadata DB, and MongoDB-charts running from a local container following instructions on:

https://docs.mongodb.com/charts/19.12/installation/

But when I want to connect to a Mongo DB instance running a service and protected with SSL using a certificate I get the following error:

mongodbcharts-error

I've copied the certificate into the container. I know it is being picked up because if I rename the file, MongoDB-charts complains that the cert file doesn't exist.

I'm able to connect to the MongoDB service from Mongo shell, and from MongoDB-compass using the same credentials and same certificate, therefore that information is correct. I figure it has to be something missing on the container but I cannot find a solution.

Any tips?

2

There are 2 best solutions below

0
On BEST ANSWER

I was provided with the solution in my company internal forum.

I had that error ...

"Because it’s a CA file, not a Key file - with the option you’re selecting, it’s looking for a certificate and a key"

Solution: Use tlsCAFile instead of sslclientcertificatekeyfile in the Mongo URI.
Example:

mongodb://user:password@host0,host2/dbname?authSource=admin&replicaSet=replset&ssl=true&sslclientcertificatekeyfile=/mongodb-charts/volumes/db-certs/cert.pem
1
On

Charts uses the Go driver - you can see the code that produces that error at https://github.com/mongodb/mongo-go-driver/blob/master/mongo/options/clientoptions.go.

Since you're using an SSL client certificate, it's expecting to find a private key in the PEM file. Do you have that? A PEM file may contain just a public key, or a public key + a private key. The error implies your file only contains the public key.

Tom
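
Both answers come down to what the PEM file contains. The following is an added example, not code from either answer or from the Go driver: it classifies the blocks in a PEM file by their type label to tell a certificates-only file (suitable for tlsCAFile) from a certificate plus private key bundle (what sslclientcertificatekeyfile expects). The names InspectPEM, Role and sample are hypothetical, and the sample input is constructed with dummy bodies because only the labels are examined.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// PEMSummary counts the kinds of PEM block found in a file.
type PEMSummary struct{ Certs, Keys int }

// InspectPEM walks every PEM block in data and classifies it by its type label.
func InspectPEM(data []byte) PEMSummary {
	var s PEMSummary
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		switch {
		case block.Type == "CERTIFICATE":
			s.Certs++
		case strings.HasSuffix(block.Type, "PRIVATE KEY"): // RSA, EC, PKCS#8, ENCRYPTED
			s.Keys++
		}
	}
	return s
}

// Role says which TLS role the file can fill, based on the block counts.
func Role(s PEMSummary) string {
	if s.Certs > 0 && s.Keys > 0 {
		return "client certificate with key"
	}
	if s.Certs > 0 {
		return "certificates only: usable as a CA file, not as a client key file"
	}
	return "no CERTIFICATE block"
}

// sample builds constructed PEM input; bodies are dummy bytes, only labels matter here.
func sample(types ...string) []byte {
	var out []byte
	for _, t := range types {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: t, Bytes: []byte("dummy")})...)
	}
	return out
}

func main() {
	for _, f := range [][]byte{sample("CERTIFICATE"), sample("CERTIFICATE", "PRIVATE KEY")} {
		fmt.Println(Role(InspectPEM(f)))
	}
}
```

To check a real file, pass the bytes returned by os.ReadFile to InspectPEM.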