
I'm getting the following error while trying to connect to a MongoDB server from a Golang application running in a Kubernetes pod.

Error: tls: private key does not match public key

I'm using mongo-go-driver version 1.4.1

The key is RSA encrypted:

    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: ..

Please find below the application code used to connect:

    m.context, _ = context.WithTimeout(context.Background(), 30*time.Second)

    certFilePath := <path>
    keyPassword := <password>

    uri := "mongodb://user:password@<mongoserver>:27017/?authSource=<dbname>&authMechanism=scram-sha-1&connect=direct&ssl=true&sslClientCertificateKeyFile=%s&sslClientCertificateKeyPassword=%s&sslInsecure=true&sslAllowInvalidCertificates=true"
    uri = fmt.Sprintf(uri, certFilePath, keyPassword)

    log.Println("ConnectDB: creating mongo client new")
    clientOptions := []*options.ClientOptions{
        options.Client().ApplyURI(uri),//.SetAuth(credential),
    }

    log.Println("ConnectDB: connecting client")
    m.client, err = mongo.Connect(m.context, clientOptions...)
    if nil != err {
        panic(err)
    }

The same key and certs work fine when connecting using Robo 3T or Studio 3T.

Please help me resolve the key mismatch error. Is it occurring due to incorrect key decryption by the Golang driver?

user81239
  • Which private key is not matching which public key? – D. SM Sep 17 '20 at 19:12
  • The private key provided by the client (Golang application) and the public key on the MongoDB server. However, the same private key works with Robo 3T or Studio 3T – user81239 Sep 17 '20 at 20:10
  • If by server's public key you mean the server's certificate, then the private key used by the client is not used to verify the server's certificate - the client uses the certificate authority certificate to do that. – D. SM Sep 18 '20 at 05:43
  • I have added sslInsecure as true; the client will accept all server certs. The server needs to verify the client's authentication, which is failing – user81239 Sep 18 '20 at 06:38
  • The error you quoted has nothing to do with authentication. – D. SM Sep 18 '20 at 07:19
  • Won't the server verify the client using the client certificate and key provided by the client? – user81239 Sep 21 '20 at 06:21
  • The key is not sent over the wire, and this has nothing to do with authentication unless you are using the x509 auth mechanism. – D. SM Sep 21 '20 at 10:39
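
The question asks whether the error comes from the key being decrypted incorrectly. The following is an added example, not code from the post or from the driver: it separates the two failure modes with Go's standard library, where a wrong passphrase fails at decryption while the quoted error string comes from the certificate/key pairing check in `crypto/tls`, which compares the key against the first certificate in the file. The names `checkBundle` and `sampleBundle`, the passphrase and the generated certificate are assumptions made for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
)

// checkBundle decrypts the "Proc-Type: 4,ENCRYPTED" key in a combined PEM file,
// then runs crypto/tls's own pairing check against the first certificate.
func checkBundle(bundle []byte, password string) error {
	var certPEM, keyPEM []byte
	for blk, rest := pem.Decode(bundle); blk != nil; blk, rest = pem.Decode(rest) {
		if blk.Type == "CERTIFICATE" {
			certPEM = append(certPEM, pem.EncodeToMemory(blk)...)
		} else if x509.IsEncryptedPEMBlock(blk) {
			der, err := x509.DecryptPEMBlock(blk, []byte(password))
			if err != nil {
				return fmt.Errorf("decrypting key: %w", err)
			}
			keyPEM = pem.EncodeToMemory(&pem.Block{Type: blk.Type, Bytes: der})
		}
	}
	_, err := tls.X509KeyPair(certPEM, keyPEM) // mismatch surfaces here, not at decryption
	return err
}

// sampleBundle builds constructed input (errors ignored, demo data only): a self-signed
// certificate plus an encrypted RSA key that either belongs to it (match) or is unrelated.
func sampleBundle(password string, match bool) []byte {
	certKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	bundleKey := certKey
	if !match {
		bundleKey, _ = rsa.GenerateKey(rand.Reader, 2048)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"client.example"}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &certKey.PublicKey, certKey)
	enc, _ := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY",
		x509.MarshalPKCS1PrivateKey(bundleKey), []byte(password), x509.PEMCipherAES256)
	return append(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), pem.EncodeToMemory(enc)...)
}

func main() {
	fmt.Println("matching key:  ", checkBundle(sampleBundle("pw", true), "pw"))
	fmt.Println("unrelated key: ", checkBundle(sampleBundle("pw", false), "pw"))
}
```

To check a real file, read it with `os.ReadFile` and pass the bytes and passphrase to `checkBundle`; `x509.DecryptPEMBlock` is deprecated in current Go releases but still handles this legacy key format.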

0 Answers