
I am trying to connect a NodeJS server to an AWS documentDB cluster with TLS enabled. The NodeJS server is hosted on an EC2 instance and it’s on the same VPC as the documentDB cluster. But I’m getting the following error:

    { MongoServerSelectionError: unable to get local issuer certificate
         at Timeout.waitQueueMember.timer.setTimeout [as _onTimeout] (/home/ubuntu/server/node_modules/mongodb/lib/core/sdam/topology.js:438:30)
         at ontimeout (timers.js:436:11)
         at tryOnTimeout (timers.js:300:5)
         at listOnTimeout (timers.js:263:5)
         at Timer.processTimers (timers.js:223:10)
       name: 'MongoServerSelectionError',
       reason:
        TopologyDescription {
          type: 'ReplicaSetNoPrimary',
          setName: null,
          maxSetVersion: null,
          maxElectionId: null,
          servers:
           Map {
             '*******.cluster-****.us-east-1.docdb.amazonaws.com:27017' => [ServerDescription] },
          stale: false,
          compatible: true,
          compatibilityError: null,
          logicalSessionTimeoutMinutes: null,
          heartbeatFrequencyMS: 10000,
          localThresholdMS: 15,
          commonWireVersion: null } }

The error seems to be with the TLS certificate. But I’m passing the contents of rds-combined-ca-bundle.pem while connecting as shown in the following code:

    uri = process.env.MONGODB_URI || process.env.Db_url;
    options = {
        user: "****",
        pass: "****",
    }
    mongoose.set("useCreateIndex", true);
    mongoose.connect(
      uri,
      {
        useNewUrlParser: true,
        useFindAndModify: false,
        useUnifiedTopology: true,
        sslCA: [fs.readFileSync("/home/ubuntu/rds-combined-ca-bundle.pem")],
      },
      err => {
        if (err) {
          console.log('Connection Error: ', err);
        } else {
          console.log(`Successfully Connected============`);
        }
      }
    );

I’ve tried connecting to the mongo cluster using mongo shell on EC2 instance using

    mongo --ssl --host *******.cluster-****.us-east-1.docdb.amazonaws.com:27017 \
      --sslCAFile rds-combined-ca-bundle.pem --username ***** --password *****

and this is working. So the connection to the cluster is fine, but mongoose cannot connect.

Is there any other way to connect to documentDB using mongoose?

2 Answers


  1. Can you add ssl: true? Something like this works for me:

    const mongoose = require('mongoose');
    
    main().catch(err => console.log(err));
    
    async function main() {
      await mongoose.connect('mongodb://user:password@docdb_uri',
          {
              useNewUrlParser: true,
              ssl: true,
              sslValidate: true,
              sslCA: `/usr/local/rds-combined-ca-bundle.pem`
          })
    }
    
  2. What is the version of mongoose that you are using? In my project, mongoose 5.x works just fine but once it is updated to 6.x it won’t connect to the documentdb.

    Note: mongoose version < 6.4.6 is considered vulnerable. https://security.snyk.io/package/npm/mongoose
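
A preflight check for the situation in this thread, as an added example that is not part of the original question or answers: it confirms the CA bundle really contains PEM certificates, builds the TLS options with the option names used above, and probes the endpoint with Node's `tls` module using the same bundle, so a certificate-chain failure can be told apart from a Mongoose configuration problem. The function names `loadCaBundle`, `buildTlsOptions` and `probeTls` are hypothetical.

```javascript
// Added example (not from the original thread). Node.js core modules only.
const fs = require('fs');
const tls = require('tls');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Read the CA bundle and fail early if it holds no PEM certificates
// (wrong path, empty download, DER instead of PEM).
function loadCaBundle(caPath) {
  const pem = fs.readFileSync(caPath, 'utf8');
  const certs = pem.match(PEM_CERT) || [];
  if (certs.length === 0) {
    throw new Error(`no PEM certificates found in ${caPath}`);
  }
  return { pem, count: certs.length };
}

// TLS options using the option names that appear in the thread,
// with certificate validation left enabled.
function buildTlsOptions(caPath) {
  const { pem } = loadCaBundle(caPath);
  return { ssl: true, sslValidate: true, sslCA: [pem] };
}

// Open a plain TLS connection with the same CA bundle, outside Mongoose.
// Resolves { ok: true } when the server chain verifies against the bundle,
// or { ok: false, code } carrying Node's error code, for example
// UNABLE_TO_GET_ISSUER_CERT_LOCALLY for the error shown in the question.
function probeTls(host, port, caPath) {
  const { pem } = loadCaBundle(caPath);
  return new Promise(resolve => {
    const socket = tls.connect({ host, port, servername: host, ca: pem }, () => {
      socket.end();
      resolve({ ok: true });
    });
    socket.setTimeout(5000, () => socket.destroy(new Error('timeout')));
    socket.on('error', err => resolve({ ok: false, code: err.code || err.message }));
  });
}
```

If `probeTls` succeeds with the bundle while Mongoose still fails, the bundle is sound and the CA is not reaching the driver through the connect options.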
