本文介绍了如何通过将所有选项都放在mongodb的node.js驱动程序的连接字符串中来与X509连接?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用 mongodb docs X509身份验证和Node.js驱动程序对自签名证书进行验证.

I'm using the keys available in mongodb docsfor a self-signed certificate using X509 authentication with a Node.js Driver.

尝试连接数据库时,出现以下错误:

When trying to connect to the database I get the following error:

MongoNetworkError:首次连接时无法连接到服务器[pedro.com:57040] [MongoNetworkError:无法验证第一个证书]

尽管有此错误,但我确信该连接可以像使用Studio 3T一样正常工作,并且使用相同的证书即可正常运行.

Despite that error, I am sure that the connection works as I am using Studio 3T and everything is up and running by using the same certificates.

所以我的问题是...如何通过在连接字符串中写入所有选项来使用x509证书以编程方式连接到数据库?也许我给的钥匙错了?还是缺少一些?

So my question is... how can I programmatically connect to a database using x509 certificate by writing all the options in the connection string? Perhaps the keys that I am giving are wrong? Or some are missing?

db: `mongodb://CN=pedro.com,OU=IT,O=Polygon,L=Setubal,ST=Setubal,[email protected]:57040,pedro.com:57041
,pedro.com:57042/testBO?
ssl=true&authMechanism=MONGODB-X509
&sslPEMKeyFile=${fs.readFileSync(
        `${Helpers.appRoot(Env.get('DB_SSL_CERT'))}`
      )}
&sslCAFile=${fs.readFileSync(
        `${Helpers.appRoot(Env.get('DB_SSL_CA'))}`
      )}&replicaSet=testReplica`

推荐答案

您需要确保服务器和客户端都可以验证彼此的证书.这两个验证是独立的,并且使用不同的选项.

You need to ensure both server and client can verify each other's certificates. The two verifications are independent and use different options.

对于服务器端,请参见https://github.com/mongodb/mongo-ruby-driver/blob/master/.evergreen/run-tests.sh#L74 ,对于客户端,请参见 https://github.com/mongodb/mongo-ruby-driver/blob/master/.evergreen/run-tests.sh#L91 .URI选项是跨驱动程序标准化的.

For server side see https://github.com/mongodb/mongo-ruby-driver/blob/master/.evergreen/run-tests.sh#L74, for client side see https://github.com/mongodb/mongo-ruby-driver/blob/master/.evergreen/run-tests.sh#L91. URI options are standardized across drivers.

另请参见 https://github.com/mongodb/mongo-ruby-driver/blob/master/spec/README.md#x509-authentication .

sslPEMKeyFile 是旧版节点驱动程序选项(假设它是有效的),tls *选项采用文件路径而不是文件内容.

sslPEMKeyFile is a legacy node driver option (assuming it is valid), the tls* options take paths to files and not file contents.

这篇关于如何通过将所有选项都放在mongodb的node.js驱动程序的连接字符串中来与X509连接?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-26 05:24