Reputation: 133
I have implemented an Ops Manager database as a replica set, based on the steps below:
https://www.percona.com/blog/2018/05/31/mongodb-deploy-replica-set-with-transport-encryption-part-3/
Now I have created an instance for the Ops Manager application, and I want to connect it to the database. For this I have mentioned the cert pem file in conf-mms.properties. When I start the application, during the pre-flight check I am getting this error:
Failed to refresh database properties com.mongodb.MongoTimeoutException: Timed out after 30000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=x.x.x.x:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
I have placed the .crt and .pem files in /home/ubuntu, which I generated and got from the database CA. But the error says unable to find valid certificate path.
I suspect the issues below:
1. While giving the CN in openssl on the database instance, I used ip-x-x-x as hosts. Now in conf.properties I have mentioned the IPs.
2. This way I can connect between each database instance.
3. In mongodb.ssl.CAFile I have given the .crt file, is this correct?
sudo mongo "mongodb://ip-x-x-x-x:27017" \
  --tlsCertificateKeyFile /etc/mongodb/ssl/psmdb1.pem \
  --tls \
  --tlsCAFile /etc/mongodb/ssl/mongoCA.crt
Kindly support to solve this issue
Upvotes: 0
Views: 1004
Reputation: 133
Issue is solved. In the Ops Manager config file, for the mongodb.ssl.CAFile parameter I had wrongly used the certificate. I should use the CA authority which I got first.
Upvotes: 0
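A way to check which file belongs in mongodb.ssl.CAFile before starting the application, as an added example that is not part of the original posts. It assumes the openssl CLI is installed; the CA and server certificate are constructed throwaway test material, with file names modeled on the paths in the question, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: all keys and certificates here are constructed test material.

# Build a throwaway CA and a server certificate signed by it in directory $1.
make_constructed_pki() {
    local d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -subj "/CN=Constructed Mongo CA" \
        -keyout "$d/mongoCA.key" -out "$d/mongoCA.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=ip-x-x-x-x" \
        -keyout "$d/psmdb1.key" -out "$d/psmdb1.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/psmdb1.csr" -days 1 \
        -CA "$d/mongoCA.crt" -CAkey "$d/mongoCA.key" -CAcreateserial \
        -out "$d/psmdb1.crt" >/dev/null 2>&1 || return 1
}

# ca_file_trusts CANDIDATE SERVER_CERT
# Succeeds only if CANDIDATE is a CA certificate (basicConstraints CA:TRUE)
# and the server certificate chains to it. A client that is handed the wrong
# file as its CA fails the same way as the PKIX error in the question.
ca_file_trusts() {
    local candidate=$1 server_cert=$2
    openssl x509 -in "$candidate" -noout -text 2>/dev/null \
        | grep -q 'CA:TRUE' || return 1
    openssl verify -CAfile "$candidate" "$server_cert" >/dev/null 2>&1
}

PKI_DIR=$(mktemp -d)
trap 'rm -rf "$PKI_DIR"' EXIT
make_constructed_pki "$PKI_DIR" || { echo "openssl failed" >&2; exit 1; }

# Try both files as the CAFile value against the server certificate.
for candidate in mongoCA.crt psmdb1.crt; do
    if ca_file_trusts "$PKI_DIR/$candidate" "$PKI_DIR/psmdb1.crt"; then
        echo "$candidate: usable as CAFile"
    else
        echo "$candidate: NOT usable as CAFile (server chain does not verify)"
    fi
done
```

Against a real deployment, pass the file you intend to configure as the first argument and the certificate the mongod instance presents as the second.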