On Sun, Sep 7, 2014 at 10:26 PM, Liz Fall <f...@sbcglobal.net> wrote:
> I am getting the following with my client cert when trying to connect to
> an SSL-enabled MongoDB:
>
>
> 2014-09-03T13:37:56.881-0500 ERROR: cannot read PEM key file:
> /users/apps/tstlrn/u019807/DTCD9C3B2F42757.ent.wfb.bank.corp_mongo_wells.pem
> error:0906D06C:PEM routines:PEM_read_bio:no start line
>
>
>
> The cert file is the following:
>
>
>
> • DTCD9C3B2F42757.ent.wfb.bank.corp_mongo_wells.pem
> • WF Enterprise CA 02 certificate, signed by WF Root
> • WF Root certificate
>
You should probably post the certificate somewhere so others can examine it.
> I was told by the support at MongoDB to do the following:
>
>
>
> § Copy the certificates into a text editor to ensure there is no
> whitespace
>
> § Ensure the beginning and end certificate statements are on there own
> line and have the same number of '-' at each end.
>
> § Ensure each line has 64 chars (except the last line)
>
I don't believe OpenSSL has these restrictions.
Are they MongoDB requirements?
> I have checked and verified that there is no whitespace. Also, the BEGIN
> and END statements look correct. However, each line in the cert is 76
> chars in length, except for the last line. Should the lines be
> 64-characters long?
>
The following will tell you if the problem is with the certificate or lies
elsewhere.
openssl x509 -in ...bank.corp_mongo_wells.pem -inform PEM -text -noout
You can also try -inform DER if the certificate is ASN.1/DER encoded. If it
is, then convert it from DER to PEM.
If you can dump the certificate, then the certificate is probably OK and
the problem likely lies elsewhere.
Jeff
