
If I compile the C driver with -DENABLE_SSL=WINDOWS (Windows Secure Channel), the connection fails if the client PEM key file has a password.

The error info from the log:


[error@stream-secure-channel] Failed to parse private key. ASN1 bad tag value met. (0x8009310B)
[warning@stream-secure-channel] a client certificate has been requested


Notes:

  1. I created the private key for the PEM file with this command: openssl genrsa -des3 -out server.key 2048 , and then entered the password: 1234

    Using mongo.exe, I can connect successfully with the same PEM file and password from my own working computer: mongo --host 10.154.10.39 --ssl --authenticationDatabase admin --username user1 -p 123 --sslCAFile d:/ca.pem --sslPEMKeyFile d:/cry.pem --sslPEMKeyPassword 1234

    However, if my program uses the mongocxx driver, it always fails.

  2. If I use the driver compiled with "-DENABLE_SSL=OPENSSL", this issue disappears.

acm
  • Windows crypto uses the PKCS7 format, not PEM. If you create your cert in that format, it should work (MSDN: https://learn.microsoft.com/en-us/windows/desktop/SecCertEnroll/pkcs--7-attributes) (a cert vendor: https://www.namecheap.com/support/knowledgebase/article.aspx/9474/69/how-do-i-create-a-pem-file-from-the-certificates-i-received-from-you) – bauman.space Oct 03 '18 at 17:19

0 Answers
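The failure in the question depends on whether the private key inside the PEM file is password protected. The following is an added example, not code from the post or from the MongoDB drivers: a small check that lists the blocks in a PEM file and reports whether each private key is encrypted, covering both the traditional OpenSSL format and PKCS#8. The function names are hypothetical and the sample PEM is constructed with placeholder bodies.

```python
import re

# Matches one PEM block: label, then everything up to the matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def classify_pem(text):
    """Return (label, state, cipher) per block; state: encrypted/plaintext/n/a."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if not label.endswith("PRIVATE KEY"):
            results.append((label, "n/a", None))  # certificate, CSR, etc.
            continue
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8 EncryptedPrivateKeyInfo: cipher is inside the DER, not in headers.
            results.append((label, "encrypted", "PKCS#8"))
            continue
        # Traditional OpenSSL format marks encryption with RFC 1421 headers
        # placed before the base64 body (base64 never contains ':').
        headers = dict(
            (k.strip(), v.strip())
            for k, v in (line.split(":", 1)
                         for line in body.splitlines() if ":" in line))
        if headers.get("Proc-Type") == "4,ENCRYPTED":
            cipher = headers.get("DEK-Info", "").split(",")[0] or None
            results.append((label, "encrypted", cipher))
        else:
            results.append((label, "plaintext", None))
    return results

def key_needs_password(text):
    """True if any private key block in the file is password protected."""
    return any(state == "encrypted" for _, state, _ in classify_pem(text))

# Constructed sample: placeholder bodies, not real key material.
SAMPLE = """-----BEGIN CERTIFICATE-----
AAAA
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

AAAA
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for row in classify_pem(SAMPLE):
        print(row)
```

Running it against the file passed as the client PEM shows which key format and encryption state the driver is being asked to parse.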