- Le plus récent
- Le plus de votes
- La plupart des commentaires
Please see: "What if I’m having issues connecting directly to my Amazon DocumentDB cluster from Mac OS X Catalina?" here: https://docs.aws.amazon.com/documentdb/latest/developerguide/ca_cert_rotation-temp.html
Same problem here on macos :
2020-03-20T12:52:16.461+0100 E NETWORK [js] SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_CERT_SUSPENDED; connection rejected
2020-03-20T12:52:16.461+0100 E QUERY [js] Error: couldn't connect to server xxx.eu-west-1.docdb.amazonaws.com:27017, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_CERT_SUSPENDED; connection rejected :
connect@src/mongo/shell/mongo.js:341:17
My documentdb instance uses 2019 certificate and I tried with rds-ca-2019-eu-west-1.pem, rds-ca-2019-root.pem and rds-combined-ca-bundle.pem.
Mac OS X Catalina has updated the requirements for trusted certificates. Trusted certificates must now be valid for 825 days or fewer (see https://support.apple.com/en-us/HT210176). Amazon DocumentDB instance certificates are valid for over four years, longer than the Mac OS X maximum. In order to connect directly to an Amazon DocumentDB cluster from a computer running Mac OS X Catalina, you must allow invalid certificates when creating the TLS connection. In this case, invalid certificates mean that the validity period is longer than 825 days. You should understand the risks before allowing invalid certificates when connecting to your Amazon DocumentDB cluster.
To connect to an Amazon DocumentDB cluster from OS X Catalina using the AWS CLI, use the tlsAllowInvalidCertificates parameter.
mongo --tls --host <hostname> --username <username> --password <password> --port 27017 --tlsAllowInvalidCertificates
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 3 mois
AWS OFFICIELA mis à jour il y a 2 ans- AWS OFFICIELA mis à jour il y a 3 mois
