Self signed certificate issue in certificate chain in MongoDB cluster

If we diagnosed the problem correctly, what you did there should fix it.
It did not fix it! :grimacing:

Let me make sure once again that I understand what is happening:

  1. Compass → Atlas No VPN … TLS is enabled, TLS works
  2. Compass → Atlas Yes VPN … TLS is enabled, TLS does not work, even with tlsCAFile assigned.

IF I have stated this correctly THEN I suggest one more test, if you can do it:

  • Try a connection on your VPN using real Linux or macOS instead of WVD.
    • If this works, the problem is WVD
    • If this does not work, the problem is the VPN itself
2 Likes

Thank you, Jack, for your reply. Will try and update you.

1 Like

I just downloaded the ISRG certificate and saved it as a .pem file. I didn’t install that certificate in my WVD. Is that the problem? I am really new to this certificate-related area, that’s why. Really, thanks for your time and reply.

1 Like

I thought it would be sufficient to do what you did: to assign it as the tlsCAFile in the Compass URI for your Atlas instance.
However, you can also try inserting the .pem in the certificate authority store for the WVD instance.
I know how that works on real Linux, but I don’t know how it works on WVD.
You should try that, because if you do not try that, we’ll never convince your network administrator that the network is the problem :slight_smile:

2 Likes

I added the .pem file to the certificate folder; now the list is showing the ISRG X1 certificate. After that I tried to connect by checking Use System Certificate Authority, which showed the error message ‘read ECONNRESET’.

Try adding the actual site certificate as well. I don’t think it will help, but try it just to complete your analysis.

From our testing, we found that we can easily connect to the Azure MongoDB cluster database from our Windows Virtual Desktop (WVD). However, we are unable to connect to our AWS MongoDB cluster database from WVD, even though we are using the correct certificate. Could you please look into this? I believe this information might help you understand that the issue could be related to the differences between the Azure and AWS MongoDB platforms.

FYI, I am attaching the error log I received when attempting to connect to the AWS cluster.

ERROR: The driver was unable establish a valid connection to any server in the MongoDB deployment, so cannot perform a server selection. Detail: Server selection timeout: No available servers. Topology: { Type: ReplicaSetNoPrimary, Servers: [ { Address: cluster0-shard-00-01.3pz6r.mongodb.net:27017, Type: Unknown }, { Address: cluster0-shard-00-02.3pz6r.mongodb.net:27017, Type: Unknown }, { Address: cluster0-shard-00-00.3pz6r.mongodb.net:27017, Type: Unknown }, ] }

UNDERLYING ERROR: Server selection timeout: No available servers. Topology: { Type: ReplicaSetNoPrimary, Servers: [ { Address: cluster0-shard-00-01.3pz6r.mongodb.net:27017, Type: Unknown }, { Address: cluster0-shard-00-02.3pz6r.mongodb.net:27017, Type: Unknown }, { Address: cluster0-shard-00-00.3pz6r.mongodb.net:27017, Type: Unknown }, ] }

It sounds like you need support from AWS.
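
The with-VPN / without-VPN comparison discussed in this thread can also be run outside Compass. The following is an added example, not code from any poster or from MongoDB: a Python script that reads the host names from the posted error text, attempts a TLS handshake to each one while trusting only the given CA file, and reports which layer failed. The function names are hypothetical, and the CA file path given on the command line is assumed to be the .pem used as tlsCAFile.

```python
import re
import socket
import ssl
import sys

# Constructed sample: the topology portion of the error text quoted in the thread.
SAMPLE_ERROR = (
    "Topology: { Type: ReplicaSetNoPrimary, Servers: [ "
    "{ Address: cluster0-shard-00-01.3pz6r.mongodb.net:27017, Type: Unknown }, "
    "{ Address: cluster0-shard-00-02.3pz6r.mongodb.net:27017, Type: Unknown }, "
    "{ Address: cluster0-shard-00-00.3pz6r.mongodb.net:27017, Type: Unknown }, ] }"
)

def hosts_from_error(text):
    """Return the unique (host, port) pairs named in a server-selection error."""
    found = []
    for host, port in re.findall(r"Address:\s*([A-Za-z0-9.-]+):(\d+)", text):
        if (host, int(port)) not in found:
            found.append((host, int(port)))
    return found

def classify(exc):
    """Map a failed handshake to the layer that most likely caused it."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # OpenSSL verify codes: 18 = self-signed leaf, 19 = self-signed cert in chain.
        if getattr(exc, "verify_code", None) in (18, 19):
            return "untrusted root: chain has a self-signed cert that is not in the CA file"
        return "certificate rejected: %s" % getattr(exc, "verify_message", exc)
    if isinstance(exc, (ConnectionResetError, ssl.SSLEOFError)):
        return "reset: the connection was dropped during the TLS handshake"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout: no answer on the port"
    return "other: %r" % (exc,)

def probe(host, port, ca_file, timeout=5.0):
    """Attempt one TLS handshake that trusts only the certificates in ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok: %s, chain verified" % tls.version()
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    ca_file = sys.argv[1]  # assumption: path to the .pem used as tlsCAFile
    for host, port in hosts_from_error(SAMPLE_ERROR):
        print(host, port, "->", probe(host, port, ca_file))
```

Run it once off the VPN and once on it from the same machine. An "untrusted root" result that appears only on the VPN means the certificate chain reaching the client differs on that path, while "reset" or "timeout" means the connection is cut before any certificate is checked.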