- 최신
- 최다 투표
- 가장 많은 댓글
Please see: "What if I’m having issues connecting directly to my Amazon DocumentDB cluster from Mac OS X Catalina?" here: https://docs.aws.amazon.com/documentdb/latest/developerguide/ca_cert_rotation-temp.html
Same problem here on macos :
2020-03-20T12:52:16.461+0100 E NETWORK [js] SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_CERT_SUSPENDED; connection rejected
2020-03-20T12:52:16.461+0100 E QUERY [js] Error: couldn't connect to server xxx.eu-west-1.docdb.amazonaws.com:27017, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_CERT_SUSPENDED; connection rejected :
connect@src/mongo/shell/mongo.js:341:17
My documentdb instance uses 2019 certificate and I tried with rds-ca-2019-eu-west-1.pem, rds-ca-2019-root.pem and rds-combined-ca-bundle.pem.
Mac OS X Catalina has updated the requirements for trusted certificates. Trusted certificates must now be valid for 825 days or fewer (see https://support.apple.com/en-us/HT210176). Amazon DocumentDB instance certificates are valid for over four years, longer than the Mac OS X maximum. In order to connect directly to an Amazon DocumentDB cluster from a computer running Mac OS X Catalina, you must allow invalid certificates when creating the TLS connection. In this case, invalid certificates mean that the validity period is longer than 825 days. You should understand the risks before allowing invalid certificates when connecting to your Amazon DocumentDB cluster.
To connect to an Amazon DocumentDB cluster from OS X Catalina using the AWS CLI, use the tlsAllowInvalidCertificates parameter.
mongo --tls --host <hostname> --username <username> --password <password> --port 27017 --tlsAllowInvalidCertificates
