Mongoose: MongooseServerSelectionError: self signed certificate in certificate chain with useNewUrlParser or useUnifiedTopology

Created on 18 Jun 2020  路  3Comments  路  Source: Automattic/mongoose

Do you want to request a feature or report a bug?
Bug
What is the current behavior?
I am trying to migrate from mongoose 4.13.20 to 5.9.18. The problem is I am not able to connect to mongodb with either mongoose.set('useNewUrlParser', true); or mongoose.set('useUnifiedTopology', true); or both.

Script I use with 4.13.20 

var mongoose = require('mongoose');

const mongoOptions = {
    server: { poolSize: 2, socketOptions: { connectTimeoutMS: 30000, socketTimeoutMS: 60000, maxTimeMS: 25000, reconnectTries: 604800000 } }
    , replset: { poolSize: 2, socketOptions: { connectTimeoutMS: 30000, socketTimeoutMS: 60000, maxTimeMS: 25000 } }
    , promiseLibrary: require('bluebird')
};
const connStr = 'mongodb://user:pass@localhost:27027/db?authSource=admin&ssl=true';
var connection = mongoose.createConnection(connStr, mongoOptions);
connection.on('connected', function() {
    console.log('Mongoose connected to DB ');
});
connection.on('error', function(err) {
    console.log('Mongoose connection error: ' + err);
});

Output:

Db.prototype.authenticate method will no longer be available in the next major release 3.x as MongoDB 3.6 will only allow auth against users in the admin db and will no longer allow multiple credentials on a socket. Please authenticate using MongoClient.connect with auth credentials.
Mongoose connected to DB

Script I use with 5.9.18 (without useNewUrlParser or useUnifiedTopology)

var mongoose = require('mongoose');

const mongoOptions = {
    poolSize: 2
    , connectTimeoutMS: 30000
    , socketTimeoutMS: 60000
    , reconnectTries: 604800000
    , promiseLibrary: require('bluebird')
};
mongoose.set('useFindAndModify', false);

const connStr = 'mongodb://user:pass@localhost:27027/db?authSource=admin&ssl=true';
var connection = mongoose.createConnection(connStr, mongoOptions);
connection.on('connected', function() {
    console.log('Mongoose connected to DB ');
});
connection.on('error', function(err) {
    console.log('Mongoose connection error: ' + err);
});

Output:

(node:63412) DeprecationWarning: current URL string parser is deprecated, and will be removed in a future version. To use the new parser, pass option { useNewUrlParser: true } to MongoClient.connect.
(node:63412) DeprecationWarning: current Server Discovery and Monitoring engine is deprecated, and will be removed in a future version. To use the new Server Discover and Monitoring engine, pass option { useUnifiedTopology: true } to the MongoClient constructor.
Mongoose connected to DB

Script I use with 5.9.18 (with useNewUrlParser or useUnifiedTopology)

var mongoose = require('mongoose');

const mongoOptions = {
    poolSize: 2
    , connectTimeoutMS: 30000
    , socketTimeoutMS: 60000
    // , reconnectTries: 604800000 // no longer supported with useUnifiedTopology option
    , promiseLibrary: require('bluebird')
};
mongoose.set('useNewUrlParser', true);
mongoose.set('useFindAndModify', false);
mongoose.set('useUnifiedTopology', true);

const connStr = 'mongodb://user:pass@localhost:27027/db?authSource=admin&ssl=true';
var connection = mongoose.createConnection(connStr, mongoOptions);
connection.on('connected', function() {
    console.log('Mongoose connected to DB ');
});
connection.on('error', function(err) {
    console.log('Mongoose connection error: ' + err);
});

Output:

Mongoose connection error: MongooseServerSelectionError: self signed certificate in certificate chain
(node:64284) UnhandledPromiseRejectionWarning: MongooseServerSelectionError: self signed certificate in certificate chain
    at NativeConnection.Connection.openUri (/Users/vivekshah/Desktop/mongoose_upgrade/v5/node_modules/mongoose/lib/connection.js:826:32)
    at Mongoose.createConnection (/Users/vivekshah/Desktop/mongoose_upgrade/v5/node_modules/mongoose/lib/index.js:279:17)
    at Object.<anonymous> (/Users/vivekshah/Desktop/mongoose_upgrade/v5/testScript.js:17:27)
    at Module._compile (internal/modules/cjs/loader.js:701:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:712:10)
    at Module.load (internal/modules/cjs/loader.js:600:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:539:12)
    at Function.Module._load (internal/modules/cjs/loader.js:531:3)
    at Function.Module.runMain (internal/modules/cjs/loader.js:754:12)
    at startup (internal/bootstrap/node.js:283:19)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:622:3)
(node:64284) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:64284) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

What are the versions of Node.js, Mongoose and MongoDB you are using? Note that "latest" is not a version.
Node.js -> v10.15.3
npm -> 6.14.1
mongoose -> migrating from 4.13.20 to 5.9.18
MongoDB -> 3.2.19

docs
Source
picture shahvicky

Most helpful comment

I took a closer look and this is expected behavior. The most recent versions of the MongoDB driver perform more strict validation on SSL certificates by default, see docs: https://github.com/mongodb/node-mongodb-native/blob/master/docs/reference/content/tutorials/connect/tls.md

To work around this, you can set the tlsInsecure option to true. This will relax SSL constraints to what they were in Mongoose 4.x.

const mongoOptions = {
    poolSize: 2
    , connectTimeoutMS: 30000
    , socketTimeoutMS: 60000
    // , reconnectTries: 604800000 // no longer supported with useUnifiedTopology option
    , promiseLibrary: require('bluebird')
    , tlsInsecure: true // <-- add this option
};
picture vkarpov15 on 3 Jul 2020
👍3 🚀1

All 3 comments

I took a closer look and this is expected behavior. The most recent versions of the MongoDB driver perform more strict validation on SSL certificates by default, see docs: https://github.com/mongodb/node-mongodb-native/blob/master/docs/reference/content/tutorials/connect/tls.md

To work around this, you can set the tlsInsecure option to true. This will relax SSL constraints to what they were in Mongoose 4.x.

const mongoOptions = {
    poolSize: 2
    , connectTimeoutMS: 30000
    , socketTimeoutMS: 60000
    // , reconnectTries: 604800000 // no longer supported with useUnifiedTopology option
    , promiseLibrary: require('bluebird')
    , tlsInsecure: true // <-- add this option
};
vkarpov15 picture vkarpov15 on 3 Jul 2020
👍3 🚀1

Was having this issue - fixed it by adding ?tlsInsecure as a parameter of my DATABASE_URI string:

DATABASE_URI = "mongodb://blasblahblah@localhost:10255/admin?tlsInsecure=true&ssl=true"

This was a life-saver for me since I didn't have the same mongoOptions as vkarpov15 above. Also don't do this in prod 馃檭

dginovker picture dginovker on 11 Nov 2020

@dginovker you're right, you can specify tlsInsecure in either your connection string or connection options. Either works.

More on SSL connections in Mongoose here: https://mongoosejs.com/docs/tutorials/ssl.html

vkarpov15 picture vkarpov15 on 13 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

efkan picture efkan  路  3Comments
ghost picture ghost  路  3Comments
ArThoX picture ArThoX  路  3Comments
simonxca picture simonxca  路  3Comments
CodeurSauvage picture CodeurSauvage  路  3Comments