Reputation: 111
I have my Mongo details in the Apache config file, and I am getting this error.
SetEnv MONGO_URL mongodb://:@XXXXXXXXX.docdb.amazonaws.com:27017/?ssl=true&ssl_ca_certs=/home/ec2-user/rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false
App 2291 output: MongoNetworkError: failed to connect to server [XXXXXX.docdb.amazonaws.com:27017] on first connect [Error: unable to get local issuer certificate
App 2291 output: at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
App 2291 output: at TLSSocket.emit (events.js:310:20)
App 2291 output: at TLSSocket.EventEmitter.emit (domain.js:482:12)
App 2291 output: at TLSSocket._finishInit (_tls_wrap.js:917:8)
App 2291 output: at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12) {
App 2291 output: name: 'MongoNetworkError',
App 2291 output: [Symbol(mongoErrorContextSymbol)]: {}
App 2291 output: }]
MongoNetworkError: [Error: unable to get local issuer certificate
Upvotes: 2
Views: 5011
Reputation: 111
It is fixed. I am supposed to use tls=true&tlsCAFile=/var/www/covidapp/rds-combined-ca-bundle.pem instead of ssl=true&ssl_ca_certs=/var/www/medapp/rds-combined-ca-bundle.pem
Upvotes: 9
Reputation: 14520
When TLS is enabled, by default both client and server verify each other's certificates. This means both of them need to have the CA certificate specified that is valid for the certificate the other side presents during handshake, along with any intermediate certificates.
For the node driver, see here for what the TLS options are named. ssl_ca_certs is not one of them.
Upvotes: 1
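The rename reported in the fix above (ssl_ca_certs to tlsCAFile) can be caught before deployment with a small connection-string lint. This is an added example, not code from any of the posts; the function name `lintMongoTls`, the host name and the CA path are made up for illustration, and the option list is the set of TLS option names defined for MongoDB connection strings.

```javascript
// Added example, not code from the thread: lint the TLS options of a MongoDB
// connection string before passing it to the Node.js driver.

// TLS options defined for MongoDB connection strings; "ssl" is an alias of "tls".
const CANONICAL = new Map([
  'tls', 'tlsCAFile', 'tlsCertificateKeyFile', 'tlsCertificateKeyFilePassword',
  'tlsAllowInvalidCertificates', 'tlsAllowInvalidHostnames', 'tlsInsecure',
].map((name) => [name.toLowerCase(), name]));
CANONICAL.set('ssl', 'tls');

// Rename taken from the fix reported in this thread.
const RENAMES = new Map([['ssl_ca_certs', 'tlsCAFile']]);

function lintMongoTls(uri) {
  const q = uri.indexOf('?');
  const base = q === -1 ? uri : uri.slice(0, q);
  const pairs = q === -1 ? [] : uri.slice(q + 1).split('&').filter(Boolean);
  const findings = [];
  const fixed = [];
  let tlsOn = false;
  let caFile = null; // CA file named by an option the driver recognizes

  for (const pair of pairs) {
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    const lower = name.toLowerCase();
    const canonical = CANONICAL.get(lower);

    if (canonical === 'tls' && value === 'true') tlsOn = true;
    if (canonical === 'tlsCAFile' && value) caFile = value;

    if (!canonical && /^(ssl|tls)/.test(lower)) {
      const hint = RENAMES.get(lower);
      findings.push(`unrecognized TLS option "${name}"` + (hint ? `; use "${hint}"` : ''));
      fixed.push(`${hint || name}=${value}`);
    } else {
      fixed.push(`${canonical || name}=${value}`);
    }
  }
  if (tlsOn && !caFile) {
    findings.push('TLS is on but no tlsCAFile is set; only the default CA store is used');
  }
  return { findings, fixedUri: pairs.length ? `${base}?${fixed.join('&')}` : uri };
}

// Constructed input modelled on the question (placeholder host and path).
const sample = 'mongodb://db.example.invalid:27017/?ssl=true&ssl_ca_certs=/path/to/ca-bundle.pem&retryWrites=false';
console.log(lintMongoTls(sample));
```

Options that do not start with ssl or tls are passed through untouched, so the lint only reports on the TLS settings.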