Running mongodump on Windows in NETWORK_SERVICE mode which restricts access to many local resources. Attempting to dump from an Atlas cluster which requires TLS. Getting error:
mongodump exited with code 1: \r\n \r\n 2018-11-08T11:25:04.596+0000\tFailed: can't create session: error configuring the connector: openssl configuration: Error setting up system certificate authority: error opening system CA store: Access is denied.
It appears that this issue has been fixed in the C driver (CDRIVER-1964) and also in the mongo/mongos/mongod code (SERVER-27592). The corresponding fix would appear to be required in the importCertStoreToX509_STORE method that is used by the tools, to wit changing line 57 from this:
CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, (HCRYPTPROV)NULL, storeLocation, storeName);
to this:
CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, (HCRYPTPROV)NULL, storeLocation | CERT_STORE_READONLY_FLAG, storeName);
- backported by
-
TOOLS-2869 [v4.0] mongodump failing on Windows with "error opening system CA store: Access is denied."
- Closed
- is related to
-
CDRIVER-1964 Windows CA stores should be opened with read-only flag
- Closed
-
SERVER-27592 Windows Certificate Store must be opened read-only
- Closed