Viktor and all:
Thanks for your response.
I am trying to connect to a MongoDB SSL-enabled database. This is the API:

    #include <cstdlib>
    #include "mongo/client/dbclient.h"
    #include "mongo/util/net/ssl_options.h"
    #include "mongo/client/init.h"

    int main() {
        // require SSL for all connections made by this client
        mongo::sslGlobalParams.sslMode.store(mongo::SSLGlobalParams::SSLMode_requireSSL);
        // only really need a PEM on the server side
        mongo::sslGlobalParams.sslPEMKeyFile = "<path/to/keyfile.pem>";
        mongo::Status status = mongo::client::initialize();
        if (!status.isOK())
            ::abort();
        mongo::DBClientConnection c;
        c.connect("hostname.whatever.com"); // outgoing connections are SSL
    }

My question to MongoDB support was: From the code above, the comment states
that there is only a need of a PEM on the server side. What identifies the
"key store" on the C++ client server? Is a key store not required on the
C++ Linux server where my application is running?
MongoDB support response was: That is correct. For encrypted communications
only the MongoDB server needs a PEM file.
I am just not sure what I am supposed to be providing as far as the
sslPEMKeyFile. I have these certificates:
- DTCD9C3B2F42757.ent.wfb.bank.corp_mongo_server.pem
    - private key of DTCD9C3B2F42757.ent.wfb.bank.corp machine
    - certificate for DTCD9C3B2F42757.ent.wfb.bank.corp, signed by WF Enterprise CA 02
- DTCD9C3B2F42757.ent.wfb.bank.corp_mongo_wells.pem
    - WF Enterprise CA 02 certificate, signed by WF Root
    - WF Root certificate
Can someone please help clarify this?
Thanks,
Liz
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Viktor Dukhovni
Sent: Monday, September 08, 2014 7:54 PM
To: [email protected]
Subject: Re: cannot read PEM key file - no start line
On Mon, Sep 08, 2014 at 07:44:56PM -0700, Liz Fall wrote:
> This is what my cert looks like below: What are you saying I should do?
> Thanks for the clarification.
These are the certificates for an intermediate CA and the issuing root CA.
Generally, you'd append these to a certificate file with the server
certificate as the first entry, and a corresponding private key in some
other (not world-readable) file.
subject= /C=US/O=Wells Fargo/OU=Wells Fargo Certificate Authorities/CN=Wells Fargo Enterprise CA 02
issuer= /C=US/O=Wells Fargo/OU=Wells Fargo Certification Authority/CN=Wells Fargo Root Certificate Authority
notBefore=May 28 18:17:26 2009 GMT
notAfter=May 28 18:17:26 2019 GMT
SHA1 Fingerprint=DD:B1:96:37:D9:9D:EC:8F:05:A2:B1:38:BC:11:D4:AF:ED:0A:BE:39
subject= /C=US/O=Wells Fargo/OU=Wells Fargo Certification Authority/CN=Wells Fargo Root Certificate Authority
issuer= /C=US/O=Wells Fargo/OU=Wells Fargo Certification Authority/CN=Wells Fargo Root Certificate Authority
notBefore=Oct 11 16:41:28 2000 GMT
notAfter=Jan 14 16:41:28 2021 GMT
SHA1 Fingerprint=93:E6:AB:22:03:03:B5:23:28:DC:DA:56:9E:BA:E4:D1:D1:CC:FB:65
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
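
Added example (not part of the original thread, and not OpenSSL or MongoDB project code): a small checker for the PEM layout discussed above. It reports which block types a file holds and flags a CA-chain-only file used as a key file, as well as a private key left world-readable. The function names, finding strings and sample inputs are constructed for illustration.

```python
import re

# PEM encapsulation boundaries, e.g. "-----BEGIN CERTIFICATE-----".
BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----\s*$")


def pem_labels(text):
    """Labels of complete BEGIN/END blocks, in file order."""
    labels, current = [], None
    for line in text.splitlines():
        begin, end = BEGIN.match(line), END.match(line)
        if begin:
            current = begin.group(1)
        elif end and end.group(1) == current:
            labels.append(current)
            current = None
    return labels


def audit_pem(text, mode=0o600):
    """Findings for one PEM file; mode is its permission bits (from os.stat)."""
    labels = pem_labels(text)
    if not labels:
        return ["no-start-line"]            # no PEM block of any kind
    findings = []
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    if not has_key:
        findings.append("no-private-key")   # nothing for a key loader to read
    if "CERTIFICATE" not in labels:
        findings.append("no-certificate")
    if has_key and mode & 0o004:
        findings.append("key-world-readable")
    return findings


def block(label):
    # Constructed block: the body is base64 of "CONSTRUCTED", not key material.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


# Constructed inputs modelled on the two kinds of file in the thread.
CA_CHAIN_ONLY = "subject= /CN=constructed CA\n" + block("CERTIFICATE") * 2
KEY_AND_CHAIN = block("RSA PRIVATE KEY") + block("CERTIFICATE") * 3

if __name__ == "__main__":
    for name, text, mode in [("ca-chain.pem", CA_CHAIN_ONLY, 0o644),
                             ("key+chain.pem", KEY_AND_CHAIN, 0o644),
                             ("key+chain.pem", KEY_AND_CHAIN, 0o600)]:
        print(name, oct(mode), pem_labels(text), audit_pem(text, mode))
```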