Robomongo: Support ssl certificate checking from root CA's (allow to run the mongo shell with the --ssl option w/o including --sslCAFile or sslAllowInvalidCertificates)

Hi @q42jaap, thank you for reporting!
Since 0.9.0-RC10 there was no code changes for SSL feature, so it seems to be tricky case. I have just checked and for me error always occurs when trying to save an empty CA file (and it's expected behavior).
So if it possible could you please share with us more details to help with investigation:

1. Screenshots with successful CA file saving
2. Your local OS and version
3. MongoDB server version
4. Remote server OS

Thanks in advance!

Hi Julia,

My point is that leaving out CAFile is a valid use case for SSL connection.
The mongo client supports this, if the server certificate is signed by a
trusted CA (with intermediate certs of course).
So I think robomongo should support this too.

Jaap

On Jan 12, 2017 16:01, "Julia Shibalko" notifications@github.com wrote:

Hi @q42jaap https://github.com/q42jaap, thank you for reporting!
Since 0.9.0-RC10 there was no code changes for SSL feature, so it seems to
be tricky case. I have just checked and for me error always occurs when
trying to save an empty CA file (and it's expected behavior).
So if it possible could you please share with us more details to help with
investigation:

1. Screenshots with successful CA file saving
2. Your local OS and version
3. MongoDB server version
4. Remote server OS

Thanks in advance!

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/paralect/robomongo/issues/1274#issuecomment-272185282,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAG_0qxgMk6DRL8jyqOoAyu_8EzmQDV1ks5rRkA4gaJpZM4LhoRA
.

@q42jaap yes, you're correct! Since 3.2.6 version mongo supports this. SSL feature was implemented before the change. So SSL will be updated at the same time when we start working on integration with new mongo shell 3.4 version (https://github.com/paralect/robomongo/issues/1250).
We will get back to you with any news. Thank you!

Hello, is there any news on that case?

In the latest release v1.1.1 we still cannot leave "CA certificate" blank.

Current workaround is to select "self-signed certificate" but I'm worried that could lead to worse security.

Thanks!

Just started using robomongo and faced same problem. Very surprised that it is not fixed for more than 5 years. My primary usecase is connection to Mongo Atlas instances and of course it requires --ssl. Leaving 'self signed' is not an option.

I've just spent hours trying to debug why Robo 3T is falsely claiming the SSL Cert cannot be trusted when it is a valid CA-signed cert (LetsEncrypt). I'm providing the fullchain.pem as the CAFile, but no luck. SSL validation in Robot 3T is broken.

Hello,

I already have Root Certificate installed in Trusted Root Certificate Authority.

I created a sample application using MongoDb C# and it driver works fine. These SDK uses Root CA from Windows Store to establish MongoDb TLS connection.

However this does not work with RoboMongo and requries to provide explicit Root CA in .pem format.

Could you inform when this will be fixed.

Hello,

Is there any update on this issue. I am also being faced with this issue on Windows 10 when selected "Use CA Certificate".

As a workaround, I followed willezgo's suggestion above and instead used "self-signed certificate", which worked.

Other note: my colleagues use macOS and can leave the certificate blank when saving so this may be an issue with software in combination with the OS.