On Mon, Sep 08, 2014 at 08:14:32PM -0700, Liz Fall wrote:

> I am trying to connect to a MongoDB SSL-enable database.  This is the API:

>     // only really need a PEM on the server side
>     mongo::sslGlobalParams.sslPEMKeyFile = "<path/to/keyfile.pem>";

The comment is highly misleading.  PEM is a "meta" format.  It
encapsulates base64 encoded blobs between BEGIN/END headers/trailers,
allowing multiple objects to be concatenated unambiguously and
transported undamaged via ASCII email.

Since this is a client, what goes here is likely a client certificate
chain and a client private key, or just NULL, if client certificates
are not employed (you're likely authenticating the client with a
username and password instead).

        ------ BEGIN RSA PRIVATE KEY -----
        private key for client cert base64 encoded
        ------ END RSA PRIVATE KEY -----
        ------ BEGIN CERTIFICATE -----
        client cert base64 encoded
        ------ END CERTIFICATE -----
        ------ BEGIN CERTIFICATE -----
        intermediate issuer base64 encoded
        ------ END CERTIFICATE -----
        ...
        ------ BEGIN CERTIFICATE -----
        root issuer base64 encoded
        ------ END CERTIFICATE -----

I would try NULL first.  You may need to separately specify a
CAfile, or CApath for validating the server certificate.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
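
Added example, not part of the original message or of the MongoDB or OpenSSL code: a small Python splitter for the PEM encapsulation described above, which lists the objects concatenated in a client key-plus-chain file and rejects unbalanced BEGIN/END lines. The function names are hypothetical and the sample payloads are constructed placeholders, not real key or certificate data.

```python
import base64
import re

# Real PEM boundaries use exactly five dashes and no inner padding spaces.
_BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def split_pem(text):
    """Return [(label, decoded_bytes), ...] for each BEGIN/END block."""
    objects, label, body = [], None, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        m = _BOUNDARY.match(line)
        if m is None:
            # Inside a block, keep base64 lines; skip "Name: value" headers
            # (encrypted keys carry them). Text outside blocks is ignored.
            if label is not None and line and ":" not in line:
                body.append(line)
            continue
        kind, name = m.groups()
        if kind == "BEGIN":
            if label is not None:
                raise ValueError(f"line {lineno}: BEGIN {name} inside {label}")
            label, body = name, []
        else:
            if label != name:
                raise ValueError(f"line {lineno}: END {name} has no matching BEGIN")
            objects.append((label, base64.b64decode("".join(body), validate=True)))
            label = None
    if label is not None:
        raise ValueError(f"unterminated {label} block")
    return objects

def summarize_client_pem(text):
    """Count the key and certificate objects found in a PEM bundle."""
    labels = [label for label, _ in split_pem(text)]
    return {
        "private_keys": sum(name.endswith("PRIVATE KEY") for name in labels),
        "certificates": labels.count("CERTIFICATE"),
    }

def _block(label, payload):  # constructed sample data, not real key material
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

SAMPLE = (_block("RSA PRIVATE KEY", b"client key") + _block("CERTIFICATE", b"client cert")
          + _block("CERTIFICATE", b"intermediate") + _block("CERTIFICATE", b"root"))
```

The decoded bytes of a real block are DER, so each certificate entry can be handed to an X.509 parser to check that the chain order matches the layout above.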
