Aliencc
Reputation: 81
Mongo SSL with Java Exception sending message
I'm using mongo to create SSL connection between the java client and a mongo replica set. It worked fine with mongo shell so I assume I have done something wrong with java. There is already a thread that is similar to this but it didn't help. Here is my configuration:
Starting two mongod:
mongod --keyFile D:\mongoDBFiles\mongokey --sslMode requireSSL --sslPEMKeyFile D:\mongoDBFiles\mongodb.pem --port 27017 --dbpath D:\mongoDBFiles\node1 --replSet foo --smallfiles --oplogSize 128
mongod --keyFile D:\mongoDBFiles\mongokey --sslMode requireSSL --sslPEMKeyFile D:\mongoDBFiles\mongodb.pem --port 27018 --dbpath D:\mongoDBFiles\node2 --replSet foo --smallfiles --oplogSize 128
If I just use mongo shell it would work well like this:
mongo --ssl --sslCAFile D:\mongoDBFiles\mongodb.pem --sslPEMKeyFile D:\mongoDBFiles\mongoclient.pem --sslPEMKeyPassword password
However it doesn't work with java driver:
final MongoCredential credential = MongoCredential.createCredential("admin", "admin", "password".toCharArray());
final MongoClientOptions o = new MongoClientOptions.Builder().socketFactory(SSLSocketFactory.getDefault()).build();
final MongoClient mongoClient = new MongoClient(Arrays.asList(new ServerAddress("localhost", 27017), new ServerAddress("localhost", 27018)),
Arrays.asList(credential), o);
mongoClient.slaveOk();
MongoDatabase database = mongoClient.getDatabase("testDB");
final MongoCollection<Document> coll = database.getCollection("testCollection");
Document doc = new Document("test Document timestamp ", new Date().toString());
coll.insertOne(doc);
FindIterable<Document> itr = coll.find();
int counter = 1;
for (Document docu : itr) {
System.out.println("Document number " + counter);
System.out.println(docu.toString());
counter++;
}
Anything went well before adding the ssl options. I also create the keystore just as instructed in the mongoDB website:
%JAVA_HOME%\bin\keytool -importcert -trustcacerts -file D:\mongoDBFiles\mongodb.crt -keystore mongoKeyStore -storepass password
And the VM arguments:
-Djavax.net.ssl.trustStore=mongoKeyStore -Djavax.net.ssl.trustStorePassword=password
And finally the error stack trace:
16:45:31.760 [main] INFO org.mongodb.driver.cluster - Cluster created with settings {hosts=[localhost:27017, localhost:27018], mode=MULTIPLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
16:45:31.762 [main] INFO org.mongodb.driver.cluster - Adding discovered server localhost:27017 to client view of cluster
16:45:31.795 [main] INFO org.mongodb.driver.cluster - Adding discovered server localhost:27018 to client view of cluster
16:45:31.796 [main] DEBUG org.mongodb.driver.cluster - Updating cluster description to {type=UNKNOWN, servers=[{address=localhost:27017, type=UNKNOWN, state=CONNECTING}, {address=localhost:27018, type=UNKNOWN, state=CONNECTING}]
16:45:31.814 [main] INFO org.mongodb.driver.cluster - No server chosen by PrimaryServerSelector from cluster description ClusterDescription{type=UNKNOWN, connectionMode=MULTIPLE, all=[ServerDescription{address=localhost:27017, type=UNKNOWN, state=CONNECTING}, ServerDescription{address=localhost:27018, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
16:45:31.889 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27018] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:2}
16:45:31.889 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27017] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:1}
16:45:31.889 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27018] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:2}
16:45:31.889 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27017] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:1}
16:45:31.894 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27018] INFO org.mongodb.driver.cluster - Exception in monitor thread while connecting to server localhost:27018
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:461) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:204) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.CommandHelper.sendMessage(CommandHelper.java:89) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:83) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:43) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:115) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:127) ~[mongo-java-driver-3.0.0.jar:na]
at java.lang.Thread.run(Thread.java:722) [na:1.7.0_03]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1826) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1809) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1735) ~[na:1.7.0_03]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:116) ~[na:1.7.0_03]
at com.mongodb.connection.SocketStream.write(SocketStream.java:75) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:200) ~[mongo-java-driver-3.0.0.jar:na]
... 7 common frames omitted
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90) ~[na:1.7.0_03]
at sun.security.validator.Validator.getInstance(Validator.java:179) ~[na:1.7.0_03]
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:314) ~[na:1.7.0_03]
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:173) ~[na:1.7.0_03]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:186) ~[na:1.7.0_03]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) ~[na:1.7.0_03]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1319) ~[na:1.7.0_03]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154) ~[na:1.7.0_03]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) ~[na:1.7.0_03]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:685) ~[na:1.7.0_03]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111) ~[na:1.7.0_03]
... 9 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) ~[na:1.7.0_03]
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) ~[na:1.7.0_03]
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) ~[na:1.7.0_03]
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88) ~[na:1.7.0_03]
... 22 common frames omitted
16:45:31.894 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27017] INFO org.mongodb.driver.cluster - Exception in monitor thread while connecting to server localhost:27017
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:461) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:204) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.CommandHelper.sendMessage(CommandHelper.java:89) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:83) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:43) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:115) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:127) ~[mongo-java-driver-3.0.0.jar:na]
at java.lang.Thread.run(Thread.java:722) [na:1.7.0_03]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1826) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1809) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1735) ~[na:1.7.0_03]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:116) ~[na:1.7.0_03]
at com.mongodb.connection.SocketStream.write(SocketStream.java:75) ~[mongo-java-driver-3.0.0.jar:na]
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:200) ~[mongo-java-driver-3.0.0.jar:na]
... 7 common frames omitted
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90) ~[na:1.7.0_03]
at sun.security.validator.Validator.getInstance(Validator.java:179) ~[na:1.7.0_03]
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:314) ~[na:1.7.0_03]
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:173) ~[na:1.7.0_03]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:186) ~[na:1.7.0_03]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) ~[na:1.7.0_03]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1319) ~[na:1.7.0_03]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154) ~[na:1.7.0_03]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) ~[na:1.7.0_03]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294) ~[na:1.7.0_03]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:685) ~[na:1.7.0_03]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111) ~[na:1.7.0_03]
... 9 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) ~[na:1.7.0_03]
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) ~[na:1.7.0_03]
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) ~[na:1.7.0_03]
at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88) ~[na:1.7.0_03]
... 22 common frames omitted
16:45:31.895 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27018] DEBUG org.mongodb.driver.cluster - Updating cluster description to {type=UNKNOWN, servers=[{address=localhost:27017, type=UNKNOWN, state=CONNECTING}, {address=localhost:27018, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty}, caused by {java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty}, caused by {java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty}}]
16:45:31.895 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27017] DEBUG org.mongodb.driver.cluster - Updating cluster description to {type=UNKNOWN, servers=[{address=localhost:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty}, caused by {java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty}, caused by {java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty}}, {address=localhost:27018, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty}, caused by {java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty}, caused by {java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty}}]
16:45:32.402 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27018] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:3}
16:45:32.402 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27017] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:4}
16:45:32.402 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27018] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:3}
16:45:32.403 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27017] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:4}
16:45:32.911 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27017] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:6}
16:45:32.911 [cluster-ClusterId{value='5527e20bdea3b318ecf76f4e', description='null'}-localhost:27018] DEBUG org.mongodb.driver.connection - Closing connection connectionId{localValue:5}
Thank you!
Upvotes: 5
Views: 20809
Answers (3)
Praveen Dasari
Reputation: 11
Exception sending message This is actually comes from network access problem. In mongo cloud So we can handle this error Log into mongodb Go to Security - Network Access - Add up address - add current ip address
Upvotes: 0
Kushagra Srivastava
Reputation: 19
There was the same problem with me when we were trying to connect mongo db with spark locally on spark.
Few things to check make sure your spark command is correct. i)spark-submit --master local[8] --class --conf spark.executor.extraJavaOptions=-Djavax.net.ssl.trustStore= --driver-java-options -Djavax.net.ssl.trustStore=
ii) also check the mongo configuration of the server i used below net: bindIp: 0.0.0.0,localhost port: 27017 ssl: mode: requireSSL PEMKeyFile: test-server1.pem disabledProtocols: TLS1_0,TLS1_1
Issue for us was that we were using CAFile: /etc/ssl/caToValidateClientCertificates.pem property in mongo file . So the CA certificate of java trust store was not matching with the java one.
Make sure also if CA certs are matching . if not then remove the line of CAFile: from mongo .
At mongo server end it was giving error like this SSL: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
Upvotes: 1
Aliencc
Reputation: 81
yes it was the path, thanks anyone who spent time to read this question!
-Djavax.net.ssl.trustStore=D:\mongoDBFiles\mongodbStore -Djavax.net.ssl.trustStorePassword=password -Djavax.security.auth.useSubjectCredsOnly=false
Upvotes: 3
Related Questions
- SSL Java java.io.IOException: Invalid keystore format
- Connecting to MongoDb with SSL from JAVA app
- How to authenticate between a Java 11 Client - MongoDB 4.4 (SSL)?
- How to connect to MongoDB Enabled with SSL and Auth using java
- java.security.cert.CertPathValidatorException: Certificate chaining error
- Trouble authenticating against MongoDB v2.6 with x509 certificates using mongo-java-driver
- Can't connect mongodb with ssl from server application
- Can't connect from JAVA to Mongo SSL Replica Set
- MongoDB Authentication failure from mongo java client
- MongoDB ssl in java works only with intermediate certificate