Reputation: 524
I'm creating a new DocumentDB cluster in AWS and trying to connect to it from my .NET Core application using MongoDriver. The cluster has the SSL-enabled property.
According to this question and answers, I have tried a couple of ways of reaching my goal.
--sslCAFile param.
var clientSetting = MongoClientSettings.FromUrl(new MongoUrl("mongodb://<myloging>:<mypassword>@<myclusterendpoint>/?ssl=true&replicaSet=rs0"));
var setting = new MongoClientSettings()
{
    Server = clientSetting.Server,
    UseSsl = clientSetting.UseSsl,
    Credential = clientSetting.Credential,
    GuidRepresentation = GuidRepresentation.CSharpLegacy,
    ReadPreference = new ReadPreference(ReadPreferenceMode.Primary),
    VerifySslCertificate = true,
    SslSettings = new SslSettings
    {
        // X509Certificate2(path) reads only the first certificate of a PEM bundle
        ClientCertificates = new List<X509Certificate2>()
        {
            new X509Certificate2("<path>\\rds-combined-ca-bundle.pem")
        },
        // SslProtocols.Default means SSL 3.0 | TLS 1.0
        EnabledSslProtocols = System.Security.Authentication.SslProtocols.Default,
        CheckCertificateRevocation = true
    },
    ReplicaSetName = clientSetting.ReplicaSetName
};
setting.SslSettings.ClientCertificateSelectionCallback = (sender, host, certificates, certificate, issuers) => setting.SslSettings.ClientCertificates.ToList()[0];
// Returns true for every certificate, so the server certificate is never actually validated
setting.SslSettings.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
setting.MaxConnectionIdleTime = new TimeSpan(0, 0, 30);
client = new MongoClient(setting);
And do this:
var filter = new BsonDocument("name", "mycollection");
var collectionCursor = client.GetDatabase("mydatabase").ListCollections(new ListCollectionsOptions { Filter = filter });
if (!collectionCursor.Any())
{
    throw new Exception("Collection not found");
}
I expect to get the collection named mycollection or a "Collection not found" exception, but I'm getting:
A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "1", ConnectionMode : "ReplicaSet", Type : "ReplicaSet", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/<myclusterendpoint>" }", EndPoint: "Unspecified/<myclusterendpoint>", State: "Disconnected", Type: "Unknown" }] }.
I get the same problem when I try to connect via MongoShell. Maybe the problem is the different zones. Example: the cluster was created in us-east-2 and I try to connect from Ukraine. :)
UPD: I assume that I should be in the same VPC to connect to the DocumentDB cluster.
Upvotes: 3
Views: 12444
Reputation: 524
My problem was in the design of access to AWS DocumentDB. More info about database access from outside the VPC.
Upvotes: 4
Reputation: 227
I see a couple of things you may want to look at:
UseSsl = clientSetting.UseSsl,
- Set this to true
new X509Certificate2("<path>\\rds-combined-ca-bundle.pem")
- You may need to read the file contents first rather than give the path, based on the API documentation: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.-ctor?view=netframework-4.7.2
Upvotes: 2
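An added example, not code from any of the posts above: one way to use the CA bundle from the question as a trust anchor for the server certificate, instead of a validation callback that always returns true. It assumes .NET 5 or later (for `ImportFromPemFile` and `CustomRootTrust`) and the driver's `SslSettings` API as used in the question; the class and method names are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;

public static class DocumentDbTls   // hypothetical helper class
{
    // Accept the server certificate only if its chain ends at a CA from the PEM bundle.
    public static RemoteCertificateValidationCallback PinToBundle(string pemPath)
    {
        var roots = new X509Certificate2Collection();
        roots.ImportFromPemFile(pemPath);   // loads every certificate in the bundle
        if (roots.Count == 0)
            throw new InvalidOperationException("No certificates found in " + pemPath);

        return (sender, certificate, chain, errors) =>
        {
            // A missing certificate or a host name mismatch is always a failure.
            if (certificate == null ||
                errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable) ||
                errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
                return false;

            // Rebuild the chain against the bundle only, ignoring the OS trust store.
            using var custom = new X509Chain();
            custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            custom.ChainPolicy.CustomTrustStore.AddRange(roots);
            custom.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            if (chain != null)   // reuse intermediates the server sent
                foreach (var element in chain.ChainElements)
                    custom.ChainPolicy.ExtraStore.Add(element.Certificate);
            return custom.Build(new X509Certificate2(certificate));
        };
    }

    public static MongoClient Connect(string connectionString, string pemPath)
    {
        // connectionString keeps ssl=true, as in the question
        var settings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
        settings.SslSettings = new SslSettings
        {
            EnabledSslProtocols = SslProtocols.Tls12,
            ServerCertificateValidationCallback = PinToBundle(pemPath)
        };
        return new MongoClient(settings);
    }
}
```

This only addresses certificate validation; the server-selection timeout in the question is a network reachability issue, which a TLS setting cannot fix.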