Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-2990

SSL error with mongodump (tls: private key does not match public key)

XMLWordPrintableJSON

    • Type: Icon: Investigation Investigation
    • Resolution: Gone away
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None

      Problem Statement/Rationale

      Hello,

      I have a mongodb server configured with ssl, in a kubernetes cluster. All is working fine with my mongo clients. However, I can not manage to connect with mongodump. I always get this error: "Failed: can't create session: error configuring the connector: error configuring client, can't load client certificate: tls: private key does not match public key".

      It's weird because I'm sure about my certificates (and they are working with a mongo client cli for example). I can not provide certificates in this issue for security reasons, but here is the structure:

       

      -----BEGIN RSA PRIVATE KEY-----
(My Private Key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(My Primary SSL certificate) -----
END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate) 
-----END CERTIFICATE-----  

      And this is my mongodump command: 

      mongodump mongodb://...uri..../?replicaSet=ReplicaName --ssl --sslCAFile="/certificates/ca.crt" --sslPEMKeyFile="/certificates/mongo-client.pem" --authenticationMechanism="MONGODB-X509" --authenticationDatabase='$external'

       

      I also verified my keys with openssl (just to be really sure) and it is ok. 

      Also, mogodump with ssl seems to work this kind of structure:

       

      -----BEGIN RSA PRIVATE KEY----- 
(My Private Key)
-----END RSA PRIVATE KEY----- 
-----BEGIN CERTIFICATE----- 
(My Primary SSL certificate) 
----- END CERTIFICATE-----

       

      Did someone already catch this behavior?

      Do not hesitate to ask me for some more information.

      Thank you!

      For information,

      mongodump version: 100.5.0
      git version: 460c7e26f65c4ce86a0b99c46a559dccaba3a07d
      Go version: go1.16.3
      os: linux
      arch: amd64
      compiler: gc

      MongoDB shell version v4.4.8
      Build Info: {
      "version": "4.4.8",
      "gitVersion": "83b8bb8b6b325d8d8d3dfd2ad9f744bdad7d6ca0",
      "openSSLVersion": "OpenSSL 1.1.1d 10 Sep 2019",
      "modules": [],
      "allocator": "tcmalloc",
      "environment": { "distmod": "debian10", "distarch": "x86_64", "target_arch": "x86_64" }
      }

       

      Expected Results

      Connection and dump successful

      Actual Results

      Error : Failed: can't create session: error configuring the connector: error configuring client, can't load client certificate: tls: private key does not match public key"

       

            Assignee:
            Unassigned Unassigned
            Reporter:
            yohan.boyer.pro@gmail.com Yohan Boyer
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: