System CA certificate not working in MongoDB version 6.0.14 but same certificate working in version 5.x

Hai,

When upgrading from MongoDB version 5.x to 6.0.14, our SSL connection stopped working properly even though it was fine with version 5.x. We tried adding the tlsUseSystemCA property as suggested, but the issue persisted.

https://jira.mongodb.org/browse/SERVER-72839

docker compose

mongod --auth --keyFile /data/key/authKey.key --replSet rs1 --dbpath /data/db --port 27017 -enableEncryption --encryptionKeyFile=/data/key/mongodb.key --encryptionCipherMode=AES256-GCM --setParameter replWriterThreadCount=64 --setParameter enableFlowControl=false --setParameter maxSessions=1000000 --setParameter logicalSessionRefreshMillis=180000 --setParameter localLogicalSessionTimeoutMinutes=15 --tlsMode preferTLS --tlsCertificateKeyFile /data/key/drp00-ver6-mongo01.pem --tlsDisabledProtocols TLS1_0,TLS1_1 --setParameter tlsUseSystemCA=true

image1918×441 48.6 KB

Hi, as per the issue you linked it should be clear that the use of TLS without specifying a chain of trust is no longer supported after 6.0.14. You need to configure TLS properly as per https://www.mongodb.com/docs/manual/tutorial/configure-ssl/#configure-mongod-and-mongos-for-tls-ssl
I suggest you consider a professional services engagement with Percona if you need are not sure how to proceed, as a complete analysis and implementation is outside the scope of this forum.