I specified tlsCertificateKeyFile=/path/client.pem, but in the drill debug output it just shows:
time [something] WARN org.mongodb.driver.uri - Connection string contains unsupported option 'tlscertificatekeyfile' time [something] WARN org.mongodb.driver.uri - Connection string contains unsupported option 'tlsallowinvalidcertifcates' my connection string indeed has the case sensitive names in there, the log just lowercases them. it seems like the connection string doesn't allow or isn't parsing those values. On Tue, Jul 15, 2025 at 8:52 AM Rumar, Maksym <maksym.ru...@hpe.com.invalid> wrote: > Hi Daniel, > > You mentioned that you tried to use ssl option in the connection string. > You can also use various other options to specify the client certificate > and root certificate of the MongoDB: > > https://www.mongodb.com/docs/manual/reference/connection-string-options/#connection-options > > MongoDB connection string has a bunch of options to configure TLS/SSL > connection: > > * > tlsCAFile > * > tlsCertificateKeyFile > * > * > tlsCertificateKeyFilePassword > > Try to use them. Also, for debugging and testing purposes, you can try to > disable some validations: > > * > tlsAllowInvalidCertificates > * > * > tlsAllowInvalidHostnames > * > * > tlsInsecure > > Regards, > Maksym > > ________________________________ > Від: Daniel Goolsby <danielgool...@gmail.com> > Надіслано: 15 липня 2025 р. 16:01 > Кому: user@drill.apache.org <user@drill.apache.org> > Тема: mongo server with 3rd party certs > > I'm realy new to apache drill, hoping that it can suit my needs. quick > brief: i'm trying to use apache superset > drill > mongo.. I have a working > mongo cluster with dns srv records that work for fine for being fed with > telegraf, ansible, misc other clients. I'm coming up short trying to > configure the Mongo storage plugin for drill for my cluster that uses 3rd > party server certs with client ssl trust from trusted ca's. > > I've tried just using ssl=true in my connection string, but i need to be > able to provide a custom client cert. > > from the docs: > > https://urldefense.com/v3/__https://drill.apache.org/docs/mongodb-storage-plugin/__;!!NpxR!gNKkG4YnZ66fgN11--ccTbttezRRNtIDFNY6Y8wXjfcPI7JpTnmh2JJKT465k4eCerKnC4zYCQnMXhuplC1B2O0$ > > it says i should be able to use the standard connection string format - but > those options aren't valid. I know java things like keytool exist, so i've > tried setting various JAVA_OPTS to create/specify keystores and > truststores, but I cannot seem to get drill to try ssl on the mongo > connection. > > the mongo server logs just hint that the connection only supports ssl, > failing whatever client connection that drill is trying to make. > > any suggestions? > > -- > --daniel > -- > -- --daniel --
