"SSL handshake failed: [('SSL routines', 'tls_process_server_certificate',

Time:04-11

So I have created a DocumentDB cluster on AWS and I am hosting it on an EC2 instance. They are both in the same VPC.

In the EC2 instance I can connect to it via the shell using:

mongo --ssl --host <Hostname> --sslCAFile rds-combined-ca-bundle.pem --username <Username> --password <insertYourPassword>

But when I try to run my Python file to connect, it gives me a warning:

/home/ubuntu/.local/lib/python3.8/site-packages/pymongo/common.py:787: UserWarning: Unknown option ssl_ca_certs
  warnings.warn(str(exc))

After which I get an error:

pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: <Hostname>: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')], Timeout: 30s, Topology Description: <TopologyDescription id: 62520d257a1153e03b78ec0b, topology_type: Unknown, servers: [<ServerDescription ('<Hostname>', 27017) server_type: Unknown, rtt: None, error=AutoReconnect("SSL handshake failed: <Hostname>: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]")>]>

Here is the code just for the conntest.py

import pymongo

url = 'mongodb://<Username>:<insertYourPassword>@<host>/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&retryWrites=false'

client = pymongo.MongoClient(url)

##Specify the database to be used
db = client.sample_database

##Specify the collection to be used
col = db.sample_collection

##Insert a single document
col.insert_one({'hello':'Amazon DocumentDB'})

##Find the document that was previously written
x = col.find_one({'hello':'Amazon DocumentDB'})

##Print the result to the screen
print(x)

##Close the connection
client.close()

The parameter groups are default, except for tls: disabled and ttl_monitor: disabled.

The .pem file is locally saved in the same folder as the Python code.

CodePudding user response:

Your URL string is wrong. You need something like:

url = 'mongodb://<Username>:<insertYourPassword>@<host>/?ssl=true&tlsCertificateKeyFile=rds-combined-ca-bundle.pem&retryWrites=false' 

I'm not sure where you got the ssl_ca_certs parameter. All URL parameters are documented here.
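An added example, not part of the original question or answer: PyMongo 4 no longer recognises the PyMongo 3 `ssl_*` option names (hence the `Unknown option ssl_ca_certs` warning above), and the URI option that names a CA bundle is `tlsCAFile`. The sketch below rewrites such legacy options in a connection string, pins relative certificate paths to a known directory, and checks that the bundle actually loads; the function names and the sample URI are constructed for illustration.

```python
import os
import ssl
from urllib.parse import parse_qsl, quote, urlencode

# PyMongo 3 names removed in PyMongo 4 -> current URI option (plain renames only).
LEGACY_TLS_OPTIONS = {
    "ssl_ca_certs": "tlsCAFile",
    "ssl_certfile": "tlsCertificateKeyFile",
    "ssl_pem_passphrase": "tlsCertificateKeyFilePassword",
    "ssl_crlfile": "tlsCRLFile",
}
FILE_OPTIONS = {"tlscafile", "tlscertificatekeyfile", "tlscrlfile"}


def modernize_uri(uri, base_dir):
    """Rename legacy TLS options and make file paths absolute.

    Returns (new_uri, renamed), where renamed maps old option -> new option.
    """
    head, sep, query = uri.partition("?")
    pairs, renamed = [], {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        new_key = LEGACY_TLS_OPTIONS.get(key.lower(), key)
        if new_key != key:
            renamed[key] = new_key
        if new_key.lower() in FILE_OPTIONS and not os.path.isabs(value):
            # A relative path is resolved against the process's working
            # directory, not the script's folder, so pin it explicitly.
            value = os.path.join(base_dir, value)
        pairs.append((new_key, value))
    return head + sep + urlencode(pairs, safe="/", quote_via=quote), renamed


def ca_bundle_problem(path):
    """Return None if `path` loads as a PEM CA bundle, else the reason."""
    try:
        ctx = ssl.create_default_context(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return f"{type(exc).__name__}: {exc}"
    if ctx.cert_store_stats()["x509_ca"] == 0:
        return "no CA certificates found in file"
    return None


if __name__ == "__main__":
    # Constructed sample URI; host and credentials are placeholders.
    sample = ("mongodb://appuser:example-password@docdb.example.internal:27017/"
              "?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&retryWrites=false")
    new_uri, renamed = modernize_uri(sample, os.getcwd())
    print(renamed)
    print(new_uri)
```

Running `ca_bundle_problem` on the resolved path before connecting separates a missing or unreadable bundle from a genuine chain-verification failure on the server certificate.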
