
cannot read certificate file: /root/ssl/mongodb.pem MongoDB SSL ISSUE

Tags: mongodb, ssl

I am unable to restart my mongodb service. On checking the logs at /var/log/mongodb/mongod.log I get the following error:

cannot read certificate file: /root/ssl/mongodb.pem error:0200100D:system library:fopen:Permission denied
2019-11-23T17:04:27.679+0000 F  CONTROL  [main] Failed global initialization: InvalidSSLConfiguration: Can not set up PEM key file.

My /etc/mongod.conf looks like this:

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
  tls:
      mode: requireTLS
      certificateKeyFile: /root/ssl/mongodb.pem
# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

#security:

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:

The permissions for the /root/ssl/ folder are:

-rw-rw-r-- 1 mongodb mongodb 1354 Nov 23 16:22 mongodb.crt
-rw-rw-r-- 1 mongodb mongodb 1082 Nov 23 16:22 mongodb.csr
-rw-rw-r-- 1 mongodb mongodb 1679 Nov 23 16:21 mongodb.key
-rw-rw-rw- 1 mongodb mongodb 3033 Nov 23 16:22 mongodb.pem
-rw-rw-r-- 1 mongodb mongodb 1751 Nov 23 16:20 rootCA.key
-rw-rw-r-- 1 mongodb mongodb 1472 Nov 23 16:21 rootCA.pem
-rw-rw-r-- 1 mongodb mongodb   17 Nov 23 16:22 rootCA.srl

Ubuntu 16.04 LTS
MongoDB: 4.2
asked Nov 15 '22 21:11

Aniket Maithani


1 Answer

The folder root usually has the following permissions:

drwx------    5 root root  4096 Nov 25 15:32 root/

which means the user mongodb cannot access it in the first place.

My advice is to move the files in the /root/ssl folder to /etc/ssl/mongodb/ and update the mongod.conf file accordingly.

answered Apr 05 '23 22:04

Ouss
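
As an added example (not part of the original answer and not MongoDB's own code): a Python check that walks every directory component of a key path using the classic owner/group/other mode bits, reports which component blocks a given account, and flags a PEM that is open to group or other, as the `-rw-rw-rw-` mongodb.pem in the listing above is. The user `mongodb` and the file name come from the page; the default path `/etc/ssl/mongodb/mongodb.pem` and the function names are assumptions, and ACLs and capabilities are ignored.

```python
import os
import pwd
import stat
import sys


def allowed(st, uid, gids, bit):
    """Classic Unix mode check: owner bits, else group bits, else other bits."""
    if uid == 0:                      # root bypasses read/search checks
        return True
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & bit)


def audit_key_path(path, uid, gids):
    """Return (kind, path, mode) findings for `path` as seen by uid/gids."""
    path = os.path.realpath(path)
    findings = []
    parts = path.split(os.sep)
    # Each ancestor directory must grant the search (x) bit to this user.
    for i in range(1, len(parts)):
        d = os.sep.join(parts[:i]) or os.sep
        st = os.stat(d)
        if not allowed(st, uid, gids, 0o1):
            findings.append(("BLOCKED", d, stat.filemode(st.st_mode)))
    st = os.stat(path)
    if not allowed(st, uid, gids, 0o4):
        findings.append(("BLOCKED", path, stat.filemode(st.st_mode)))
    # The PEM holds the private key: any group/other bit is wider than needed.
    if st.st_mode & 0o077:
        findings.append(("WEAK", path, stat.filemode(st.st_mode)))
    return findings


if __name__ == "__main__":
    # Run as root so every component can be stat()ed. Defaults are assumptions.
    user = sys.argv[1] if len(sys.argv) > 1 else "mongodb"
    pem = sys.argv[2] if len(sys.argv) > 2 else "/etc/ssl/mongodb/mongodb.pem"
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for kind, where, mode in audit_key_path(pem, pw.pw_uid, gids):
        print(f"{kind:8} {mode} {where}")
```

An empty result means the account can reach and read the file and the file is owner-only; a `BLOCKED` line on a directory is the situation the answer describes for /root.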