By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

connecting to AWS documenDB from local using port forwarding set up

0

Hi All,

I have set up port forwarding using which I am able to connect to studio T3 host details as localhost:27017. But when I try connecting trough prgramatically via springboot application with rds-truststore.jks file I am getting bellow error

Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address localhost found at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:165) ~[na:na] at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:101) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:415) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341) ~[na:na] ... 23 common frames omitted

it is due to there is no reference of localhost in the rds-truststore.jks file..

How to add the localhost to rds-truststore.jks file ?

Topics
Database
Tags
Amazon DocumentDB
Language
English
gksachin04
asked 3 months ago249 views
2 Answers
1
Accepted Answer

In my case below string helped in connecting to WS document DB from local machine

mongodb://<username>:<password>@localhost:27017/?tls=true&tlsInsecure=true

gksachin04
answered 3 months ago
profile picture
EXPERT
Oleksii Bebych
reviewed a month ago
0

Try these:

  • Open the rds-truststore.jks file using keytool utility
  • keytool -keystore rds-truststore.jks -storepass <password> -list
  • Add the localhost alias to the truststore
  • keytool -keystore rds-truststore.jks -storepass <password> -alias localhost -import -file localhost.cer
  • Provide the path of the updated truststore in the springboot application configuration.
  • Restart the springboot application.
  • This will add the localhost certificate to the truststore and allow the application to connect to the database using localhost port forwarding without any certificate errors.
profile picture
EXPERT
Giovanni Lauria
answered 3 months ago
  • gksachin04
    3 months ago

    Thanks for answering, I did't try this as below connection string worked.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content