MongooseServerSelectionError: self signed certificate in certificate chain with useNewUrlParser or useUnifiedTopology #9147

Closed
shahvicky opened this issue Jun 18, 2020 · 3 comments
Labels
docs This issue is due to a mistake or omission in the mongoosejs.com documentation

Comments

@shahvicky
Contributor

Do you want to request a feature or report a bug?
Bug
What is the current behavior?
I am trying to migrate from mongoose 4.13.20 to 5.9.18. The problem is I am not able to connect to mongodb with either mongoose.set('useNewUrlParser', true); or mongoose.set('useUnifiedTopology', true); or both.

Script I use with 4.13.20

var mongoose = require('mongoose');

const mongoOptions = {
    server: { poolSize: 2, socketOptions: { connectTimeoutMS: 30000, socketTimeoutMS: 60000, maxTimeMS: 25000, reconnectTries: 604800000 } }
    , replset: { poolSize: 2, socketOptions: { connectTimeoutMS: 30000, socketTimeoutMS: 60000, maxTimeMS: 25000 } }
    , promiseLibrary: require('bluebird')
};
const connStr = 'mongodb://user:pass@localhost:27027/db?authSource=admin&ssl=true';
var connection = mongoose.createConnection(connStr, mongoOptions);
connection.on('connected', function() {
    console.log('Mongoose connected to DB ');
});
connection.on('error', function(err) {
    console.log('Mongoose connection error: ' + err);
});

Output:

Db.prototype.authenticate method will no longer be available in the next major release 3.x as MongoDB 3.6 will only allow auth against users in the admin db and will no longer allow multiple credentials on a socket. Please authenticate using MongoClient.connect with auth credentials.
Mongoose connected to DB

Script I use with 5.9.18 (without useNewUrlParser or useUnifiedTopology)

var mongoose = require('mongoose');

const mongoOptions = {
    poolSize: 2
    , connectTimeoutMS: 30000
    , socketTimeoutMS: 60000
    , reconnectTries: 604800000
    , promiseLibrary: require('bluebird')
};
mongoose.set('useFindAndModify', false);

const connStr = 'mongodb://user:pass@localhost:27027/db?authSource=admin&ssl=true';
var connection = mongoose.createConnection(connStr, mongoOptions);
connection.on('connected', function() {
    console.log('Mongoose connected to DB ');
});
connection.on('error', function(err) {
    console.log('Mongoose connection error: ' + err);
});

Output:

(node:63412) DeprecationWarning: current URL string parser is deprecated, and will be removed in a future version. To use the new parser, pass option { useNewUrlParser: true } to MongoClient.connect.
(node:63412) DeprecationWarning: current Server Discovery and Monitoring engine is deprecated, and will be removed in a future version. To use the new Server Discover and Monitoring engine, pass option { useUnifiedTopology: true } to the MongoClient constructor.
Mongoose connected to DB 

Script I use with 5.9.18 (with useNewUrlParser or useUnifiedTopology)

var mongoose = require('mongoose');

const mongoOptions = {
    poolSize: 2
    , connectTimeoutMS: 30000
    , socketTimeoutMS: 60000
    // , reconnectTries: 604800000 // no longer supported with useUnifiedTopology option
    , promiseLibrary: require('bluebird')
};
mongoose.set('useNewUrlParser', true);
mongoose.set('useFindAndModify', false);
mongoose.set('useUnifiedTopology', true);

const connStr = 'mongodb://user:pass@localhost:27027/db?authSource=admin&ssl=true';
var connection = mongoose.createConnection(connStr, mongoOptions);
connection.on('connected', function() {
    console.log('Mongoose connected to DB ');
});
connection.on('error', function(err) {
    console.log('Mongoose connection error: ' + err);
});

Output:

Mongoose connection error: MongooseServerSelectionError: self signed certificate in certificate chain
(node:64284) UnhandledPromiseRejectionWarning: MongooseServerSelectionError: self signed certificate in certificate chain
    at NativeConnection.Connection.openUri (/Users/vivekshah/Desktop/mongoose_upgrade/v5/node_modules/mongoose/lib/connection.js:826:32)
    at Mongoose.createConnection (/Users/vivekshah/Desktop/mongoose_upgrade/v5/node_modules/mongoose/lib/index.js:279:17)
    at Object.<anonymous> (/Users/vivekshah/Desktop/mongoose_upgrade/v5/testScript.js:17:27)
    at Module._compile (internal/modules/cjs/loader.js:701:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:712:10)
    at Module.load (internal/modules/cjs/loader.js:600:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:539:12)
    at Function.Module._load (internal/modules/cjs/loader.js:531:3)
    at Function.Module.runMain (internal/modules/cjs/loader.js:754:12)
    at startup (internal/bootstrap/node.js:283:19)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:622:3)
(node:64284) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:64284) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

What are the versions of Node.js, Mongoose and MongoDB you are using? Note that "latest" is not a version.
Node.js -> v10.15.3
npm -> 6.14.1
mongoose -> migrating from 4.13.20 to 5.9.18
MongoDB -> 3.2.19

@vkarpov15 vkarpov15 modified the milestones: 5.9.20, 5.9.21 Jun 18, 2020
@vkarpov15 vkarpov15 modified the milestones: 5.9.21, 5.9.22 Jun 25, 2020
@vkarpov15
Collaborator

I took a closer look and this is expected behavior. The most recent versions of the MongoDB driver perform more strict validation on SSL certificates by default, see docs: https://github.com/mongodb/node-mongodb-native/blob/master/docs/reference/content/tutorials/connect/tls.md

To work around this, you can set the tlsInsecure option to true. This will relax SSL constraints to what they were in Mongoose 4.x.

const mongoOptions = {
    poolSize: 2
    , connectTimeoutMS: 30000
    , socketTimeoutMS: 60000
    // , reconnectTries: 604800000 // no longer supported with useUnifiedTopology option
    , promiseLibrary: require('bluebird')
    , tlsInsecure: true // <-- add this option
};

@vkarpov15 vkarpov15 modified the milestone: 5.9.22 Jul 3, 2020
@vkarpov15 vkarpov15 added the docs This issue is due to a mistake or omission in the mongoosejs.com documentation label Jul 3, 2020
@dginovker

Was having this issue - fixed it by adding ?tlsInsecure as a parameter of my DATABASE_URI string:

DATABASE_URI = "mongodb://blasblahblah@localhost:10255/admin?tlsInsecure=true&ssl=true"

This was a life-saver for me since I didn't have the same mongoOptions as vkarpov15 above. Also don't do this in prod 🙃

@vkarpov15
Collaborator

@dginovker you're right, you can specify tlsInsecure in either your connection string or connection options. Either works.

More on SSL connections in Mongoose here: https://mongoosejs.com/docs/tutorials/ssl.html
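
A pre-deployment check for the setting discussed in this thread, as an added example that is not part of the original issue or of Mongoose: it flags `tlsInsecure` and the related validation-disabling connection options whether they are set in the connection string or in the options object. The function names `auditTls` and `assertTlsVerified`, the sample URIs and the CA file path are constructed for illustration.

```javascript
// Options that switch off certificate or hostname validation when they have
// this value. MongoDB URI option names are case-insensitive, so keys are lowercased.
const RISKY = new Map([
  ['tlsinsecure', 'true'],
  ['tlsallowinvalidcertificates', 'true'],
  ['tlsallowinvalidhostnames', 'true'],
  ['sslvalidate', 'false'],
]);

// Pull the query-string options out of a mongodb:// or mongodb+srv:// URI.
// Split by hand: replica-set URIs list several hosts, which `new URL()` rejects.
function uriOptions(uri) {
  const q = uri.indexOf('?');
  if (q === -1) return {};
  return Object.fromEntries(new URLSearchParams(uri.slice(q + 1)));
}

// Return one finding per risky setting, recording where it was set.
function auditTls(uri, options = {}) {
  const findings = [];
  for (const [source, opts] of [['uri', uriOptions(uri)], ['options', options]]) {
    for (const [key, value] of Object.entries(opts)) {
      const bad = RISKY.get(key.toLowerCase());
      if (bad !== undefined && String(value).toLowerCase() === bad) {
        findings.push({ source, option: key, value: String(value) });
      }
    }
  }
  return findings;
}

// Refuse to start in production when validation is disabled; report otherwise.
function assertTlsVerified(uri, options, env = process.env.NODE_ENV) {
  const findings = auditTls(uri, options);
  if (env === 'production' && findings.length > 0) {
    const where = findings.map(f => `${f.option} (${f.source})`).join(', ');
    throw new Error(`TLS validation disabled by: ${where}`);
  }
  return findings;
}

// Constructed sample inputs modelled on the configurations in this thread.
console.log(auditTls('mongodb://user:pass@localhost:27027/db?authSource=admin&ssl=true',
  { poolSize: 2, tlsInsecure: true }));
console.log(auditTls('mongodb://user:pass@localhost:10255/admin?tlsInsecure=true&ssl=true'));
// Trusting the private CA instead leaves validation on (placeholder path).
console.log(auditTls('mongodb://user:pass@h1:27017,h2:27017/db?ssl=true',
  { tlsCAFile: '/path/to/ca.pem' }));
```
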

@Automattic Automattic locked and limited conversation to collaborators Nov 13, 2020