How to Update MongoDB Certificates
Original Question or Issue:
Certificates have expired for MongoDB and we just reissued them. Now unable to connect to MongoDB and the database is down.
Environment:
- Product - FileCloud Server
- Version - Any
- Platform - Any
Steps to Reproduce:
Error or Log Message:
Defect or Enhancement Number:
Cause:
Certificates were not copied correctly.
Resolution or Workaround:
Replacing certificates in MongoDB can be a complex process. The steps to replace them are below, and the Notes section has more information. Please contact support with additional questions.
- Copy the CA certificate file, mongoCA.crt, to each node.
- Copy each self-signed certificate, <hostname>.pem, to its respective member.
- Create on each member a directory that only the MongoDB user can read, and copy both files there (Linux):
  $ sudo mkdir -p /etc/mongodb/ssl
  $ sudo chmod 700 /etc/mongodb/ssl
  $ sudo chown -R mongod:mongod /etc/mongodb
  $ sudo cp mongossl1.pem /etc/mongodb/ssl
  $ sudo cp mongoCA.crt /etc/mongodb/ssl
- Copy these files to all web nodes and make sure apache has access:
  /etc/ssl/filecloud-mongo.pem
  /etc/ssl/mongoCA.crt
- Change the configuration file /etc/mongod.conf on each host, adding the following rows (Linux):
  net:
    ssl:
      mode: requireSSL
      PEMKeyFile: /etc/mongodb/ssl/mongossl1.pem
      CAFile: /etc/mongodb/ssl/mongoCA.crt
- Restart the mongod daemon:
  $ sudo systemctl restart mongod
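Since the cause here was certificates that were not copied correctly, the following check can be run on each member after the files are copied and before mongod is restarted. It is an added example, not FileCloud's own tooling: the function names (conf_value, pem_has_cert_and_key, check_mongo_tls) are hypothetical, and it assumes the openssl CLI is installed and the private key in the .pem file is unencrypted.

```shell
#!/bin/sh
# Added example: pre-restart check of the files named in mongod.conf.

# conf_value KEY FILE: print the value of the first "KEY: value" row in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1
}

# pem_has_cert_and_key FILE: succeed only if FILE holds both a certificate
# and a private key block, which PEMKeyFile requires.
pem_has_cert_and_key() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# check_mongo_tls [CONF]: return 0 if the configured files are usable,
# otherwise print the first problem found and return 1.
check_mongo_tls() {
    conf=${1:-/etc/mongod.conf}
    pem=$(conf_value PEMKeyFile "$conf")
    ca=$(conf_value CAFile "$conf")
    [ -n "$pem" ] && [ -n "$ca" ] ||
        { echo "PEMKeyFile or CAFile not set in $conf"; return 1; }
    for f in "$pem" "$ca"; do
        [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    done
    pem_has_cert_and_key "$pem" ||
        { echo "$pem lacks a certificate or a private key"; return 1; }
    # Expired certificates were the original trigger: confirm the new one is valid now.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "certificate in $pem has expired"; return 1; }
    # The member certificate must chain to the CA file that mongod is told to trust.
    openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 ||
        { echo "$pem does not verify against $ca"; return 1; }
    # The private key must belong to the certificate (compare public keys).
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key in $pem does not match its certificate"; return 1; }
    echo "OK: $pem verifies against $ca"
}
```

Source the file and run check_mongo_tls as the mongod user rather than root, so that a file the daemon cannot read is reported as a failure.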
Notes:
Configuring TLS/SSL and Authentication for MongoDB Cluster (filecloud.com)