el n00b

Reputation: 1863

AWS DocumentDB through Proxy

I have an AWS DocumentDB set up that I can connect to just fine through my jump box using:

mongo --ssl --host aws-host:27017 --sslCAFile rds-combined-ca-bundle.pem --username my_user --password <insertYourPassword>

I'd like to be able to connect to it through localhost for some testing. I cannot connect directly, so I attempted to open a tunnel from my jump box:

ssh -i ~/.ssh/my-key user@my_jump -L 27017:aws-host:27017 -N

After that I tried the basic MongoDB connect command:

mongo --ssl --host localhost:27017 --sslCAFile rds-combined-ca-bundle.pem --username my_user --password <insertYourPassword>

I get an error I understand:

The server certificate does not match the host name. Hostname: localhost does not match SAN(s)

I tried using export http_proxy to use http://my_jump:27017 and using the command above again with no luck.

Any suggestions or help on how to connect?

Upvotes: 4

Views: 2352

Answers (1)

Jannes Botis

Reputation: 11242

Try to disable SSL hostname validation:

mongo --ssl --sslAllowInvalidHostnames ...

Note --sslAllowInvalidHostnames is available from version 3.0.

If this does not work, try to remove --ssl entirely from the connection options, as according to the documentation:

The mongo shell verifies that the hostname (specified in --host option or the connection string) matches the SAN (or, if SAN is not present, the CN) in the certificate presented by the mongod or mongos. If SAN is present, mongo does not match against the CN. If the hostname does not match the SAN (or CN), the mongo shell will fail to connect.

Upvotes: 6
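
The hostname check that the quoted documentation describes, written out as an added example (not part of the answer above and not MongoDB's own code), showing why `localhost` is rejected while the certificate's own names pass. The function names and every hostname are constructed placeholders, and the wildcard rule (a `*` covering only the left-most label) is an assumption that goes beyond the quoted text.

```python
# Added example: the hostname check described in the quoted documentation.
# Certificates use the dict shape returned by ssl.SSLSocket.getpeercert().
# Every hostname below is a constructed placeholder.


def label_match(pattern, host):
    """Compare one certificate DNS name with the requested host name.

    A '*' counts only as the whole left-most label and covers one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def names_checked(cert):
    """DNS SAN entries if the certificate has any SAN, otherwise the CN."""
    san = cert.get("subjectAltName", ())
    if san:
        return [value for kind, value in san if kind == "DNS"]
    return [value for rdn in cert.get("subject", ())
            for kind, value in rdn if kind == "commonName"]


def hostname_matches(cert, host):
    return any(label_match(name, host) for name in names_checked(cert))


# Constructed certificate: SANs name the cluster; the CN is set to
# "localhost" on purpose to show that it is ignored when a SAN exists.
SAN_CERT = {
    "subject": ((("commonName", "localhost"),),),
    "subjectAltName": (("DNS", "aws-host.example.internal"),
                       ("DNS", "*.cluster.example.internal")),
}
# Constructed certificate without any SAN: the CN is the fallback.
CN_ONLY_CERT = {"subject": ((("commonName", "aws-host.example.internal"),),)}

if __name__ == "__main__":
    for host in ("localhost", "aws-host.example.internal",
                 "node1.cluster.example.internal"):
        print(host, "->", hostname_matches(SAN_CERT, host))
```

The comparison is made against the name given to `--host`, not against the address the connection ends up on, which is why the tunnelled connection to `localhost` fails even though the certificate itself is valid.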
