Error connecting to mongodb with TLS true using rocketchat

Description

Error when connecting Rocket.Chat to MongoDB with a TLS client cert. When using the mongo shell in the same VM and providing the same 2 certs, the mongo shell is able to connect to the DB.

Server Setup Information

  • Version of Rocket.Chat Server: 4.8.0
  • Operating System: Ubuntu 20.04 TLS
  • Deployment Method: tar
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: 14.19.3
  • MongoDB Version: 4.4.13
  • Proxy:
  • Firewalls involved:

Any additional Information

Sep 15 07:49:42 vm605 rocketchat[25488]: (node:25488) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
Sep 15 07:49:42 vm605 rocketchat[25488]: (Use node --trace-warnings ... to show where the warning was created)
Sep 15 07:50:12 vm605 rocketchat[25488]: /data/Rocket.Chat/programs/server/node_modules/fibers/future.js:313
Sep 15 07:50:12 vm605 rocketchat[25488]: #011#011#011#011#011#011throw(ex);
Sep 15 07:50:12 vm605 rocketchat[25488]: #011#011#011#011#011#011^
Sep 15 07:50:12 vm605 rocketchat[25488]: MongoServerSelectionError: self signed certificate in certificate chain
Sep 15 07:50:12 vm605 rocketchat[25488]: at Timeout._onTimeout (/data/Rocket.Chat/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/lib/core/sdam/topology.js:437:30)
Sep 15 07:50:12 vm605 rocketchat[25488]: at listOnTimeout (internal/timers.js:557:17)
Sep 15 07:50:12 vm605 rocketchat[25488]: at processTimers (internal/timers.js:500:7) {
Sep 15 07:50:12 vm605 rocketchat[25488]: reason: TopologyDescription {
Sep 15 07:50:12 vm605 rocketchat[25488]: type: 'ReplicaSetNoPrimary',
Sep 15 07:50:12 vm605 rocketchat[25488]: setName: null,
Sep 15 07:50:12 vm605 rocketchat[25488]: maxSetVersion: null,
Sep 15 07:50:12 vm605 rocketchat[25488]: maxElectionId: null,
Sep 15 07:50:12 vm605 rocketchat[25488]: servers: Map(1) {
Sep 15 07:50:12 vm605 rocketchat[25488]: 'vm611:27117' => ServerDescription {
Sep 15 07:50:12 vm605 rocketchat[25488]: address: 'vm611:27117',
Sep 15 07:50:12 vm605 rocketchat[25488]: error: Error: self signed certificate in certificate chain
Sep 15 07:50:12 vm605 rocketchat[25488]: at TLSSocket.onConnectSecure (_tls_wrap.js:1515:34)
Sep 15 07:50:12 vm605 rocketchat[25488]: at TLSSocket.emit (events.js:400:28)
Sep 15 07:50:12 vm605 rocketchat[25488]: at TLSSocket._finishInit (_tls_wrap.js:937:8)
Sep 15 07:50:12 vm605 rocketchat[25488]: at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:709:12) {
Sep 15 07:50:12 vm605 rocketchat[25488]: name: 'MongoNetworkError'
Sep 15 07:50:12 vm605 rocketchat[25488]: },
Sep 15 07:50:12 vm605 rocketchat[25488]: roundTripTime: -1,
Sep 15 07:50:12 vm605 rocketchat[25488]: lastUpdateTime: 96890270,
Sep 15 07:50:12 vm605 rocketchat[25488]: lastWriteDate: null,
Sep 15 07:50:12 vm605 rocketchat[25488]: opTime: null,
Sep 15 07:50:12 vm605 rocketchat[25488]: type: 'Unknown',
Sep 15 07:50:12 vm605 rocketchat[25488]: topologyVersion: undefined,
Sep 15 07:50:12 vm605 rocketchat[25488]: minWireVersion: 0,
Sep 15 07:50:12 vm605 rocketchat[25488]: maxWireVersion: 0,
Sep 15 07:50:12 vm605 rocketchat[25488]: hosts: ,
Sep 15 07:50:12 vm605 rocketchat[25488]: passives: ,
Sep 15 07:50:12 vm605 rocketchat[25488]: arbiters: ,
Sep 15 07:50:12 vm605 rocketchat[25488]: tags:
Sep 15 07:50:12 vm605 rocketchat[25488]: }
Sep 15 07:50:12 vm605 rocketchat[25488]: },
Sep 15 07:50:12 vm605 rocketchat[25488]: stale: false,
Sep 15 07:50:12 vm605 rocketchat[25488]: compatible: true,
Sep 15 07:50:12 vm605 rocketchat[25488]: compatibilityError: null,
Sep 15 07:50:12 vm605 rocketchat[25488]: logicalSessionTimeoutMinutes: null,
Sep 15 07:50:12 vm605 rocketchat[25488]: heartbeatFrequencyMS: 10000,
Sep 15 07:50:12 vm605 rocketchat[25488]: localThresholdMS: 15,
Sep 15 07:50:12 vm605 rocketchat[25488]: commonWireVersion: null
Sep 15 07:50:12 vm605 rocketchat[25488]: }
Sep 15 07:50:12 vm605 rocketchat[25488]: }
Sep 15 07:50:12 vm605 systemd[1]: rocketchat.service: Main process exited, code=exited, status=1/FAILURE
Sep 15 07:50:12 vm605 systemd[1]: rocketchat.service: Failed with result 'exit-code'.

I have configured MONGO_OPTIONS in a script file on Linux, /etc/profile.d/rocket-mongo.sh, with the following content:

export TLS_CRT=$(cat /home/bgadm605/client-cer/vm605-root-ca.pem | awk '{printf "%s\n",$0} END {print ""}')
export PEM_KEY=$(cat /home/bgadm605/client-cer/vm605-mongodb.pem | awk '{printf "%s\n",$0} END {print ""}')

export MONGO_OPTIONS='{"sslCA":["'${TLS_CRT}'"],"sslCert":"'${PEM_KEY}'",""serverSelectionTimeoutMS": 20000" }'

vm605-root-ca.pem contains the full CA cert path, with 2 certs in it.
vm605-mongodb.pem consists of the cert & the private key.
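
An added example, not part of the original post and not Rocket.Chat code: a Node.js check of a MONGO_OPTIONS value built like the one above, flagging the conditions visible on this page (verification switched off, PEM text spliced into JSON, a key bundled with the certificate). It assumes the value has to parse as JSON and uses the 3.x driver option names sslCA, sslCert and sslKey; checkMongoOptions and the sample PEM text are constructed for illustration.

```javascript
// Added example (not Rocket.Chat code): lint a MONGO_OPTIONS value before startup.
const CERT_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
const KEY_BLOCK = /-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----/;
const countCerts = (pem) => (String(pem).match(CERT_BLOCK) || []).length;

// Returns a list of human-readable findings; an empty list means no issue found.
function checkMongoOptions(raw, env = process.env) {
  const findings = [];
  // The log on this page shows this variable set to 0, which turns verification off.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push('NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate verification');
  }
  if (typeof raw !== 'string' || raw === '') {
    return findings.concat('MONGO_OPTIONS is not set in this environment');
  }
  let opts;
  try {
    opts = JSON.parse(raw); // raw newlines or stray quotes in the value fail here
  } catch (err) {
    return findings.concat(`MONGO_OPTIONS is not valid JSON: ${err.message}`);
  }
  const cas = Array.isArray(opts.sslCA) ? opts.sslCA : [opts.sslCA || ''];
  if (cas.reduce((n, pem) => n + countCerts(pem), 0) === 0) {
    findings.push('sslCA holds no PEM certificate');
  }
  const cert = String(opts.sslCert || '');
  if (countCerts(cert) === 0) findings.push('sslCert holds no PEM certificate');
  // Node's tls options take certificate and private key separately (cert / key).
  if (KEY_BLOCK.test(cert) && !opts.sslKey) {
    findings.push('sslCert carries a private key but sslKey is not set');
  }
  return findings;
}

// Constructed placeholder PEM text (not real certificates or keys).
const pem = (label, body) => `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
const caChain = pem('CERTIFICATE', 'AAAA') + pem('CERTIFICATE', 'BBBB');
const clientPem = pem('CERTIFICATE', 'CCCC') + pem('PRIVATE KEY', 'DDDD');
const fields = { sslCA: [caChain], sslCert: clientPem, serverSelectionTimeoutMS: 20000 };

// Shape from the post: PEM text spliced into the JSON with real newlines.
const spliced = `{"sslCA":["${caChain}"],"sslCert":"${clientPem}"}`;
// Same options serialized by JSON.stringify, which escapes each newline as \n.
const escaped = JSON.stringify(fields);

console.log(checkMongoOptions(spliced, {}));
console.log(checkMongoOptions(escaped, {}));
console.log(checkMongoOptions(process.env.MONGO_OPTIONS));
```

Run it under the same account and environment as the service: the last line reports whether MONGO_OPTIONS is visible to that process at all.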

Hi!

Were you able to solve this issue?

Hi,

Unfortunately no, it's not solved. Would you be able to advise me on what I could have done wrong?

thanks & br,
ch

The Node connector has changed in the 5.X version, as well as our Docker Compose template.

Have you tried on that environment?

Thanks!