Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Mongo DB Query component and self-signed certificates

Is there a way to configure the MongoDB Query component to accept a self-signed certificate for SSL?

I have a scenario where the MongoDB instance I'm querying uses SSL, but the certificate in use is self-signed. When connecting via MongoDB Compass (for example), I can specify that I'll accept the self-signed certificate by specifying the sslAllowInvalidCertificates parameter, but I can't seem to get this to work with the MongoDB Query component. Once I indicate we're using SSL, it gives me a JDBC exception because the certificate doesn't contain a valid root certifying authority.

Has anybody successfully dealt with this scenario, and if so, how?

6 Community Answers

Matillion Agent  

Ian Funnell —

Hi Matt,

Please could you try adding a Connection Option, and setting SSLServerCert to just a single * character.

Best regards,
Ian


Matt Burr —

Thanks, Ian. I gave that a shot and I get this error message:

Cannot conclude ssl handshake. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.


I've set "UseSSL" to "true", and I've set "SSLServerCert" to "*"


Matillion Agent  

Ian Funnell —

Hi Matt,

Not sure what’s going wrong there. Please could you attach an export of your Orchestration job, and also a copy-and-paste from your Help / Support Information?

Best regards,
Ian


Matt Burr —

Since this is a community question, I don't see any way to attach the orchestration job.

As far as the Help/Support Info:

<Please paste the contents of this box into an email and enter details of how we can contact you here, then email to support@matillion.com>

-- METL Version
1.34.5 (build 167)

-- METL AMI Version
1.34.5

-- License
None

-- Memory:Total
0.95 Gb

-- Memory:Max
0.95 Gb

-- Memory:Free
0.24 Gb

-- Disk:Free
188.79 Gb

-- Disk:Total
188.69 Gb

-- Scheduler ID
NON_CLUSTERED

-- Scheduled Jobs Ran
91

-- Clustered Mode
false

-- Persistent Mode
false

-- Server:TimeZone
Universal; GMT+0000

-- Cluster Version
1.0

-- Cluster Status
available

-- Type
t2.medium

-- AMI ID
ami-e0f15e9f

-- ImageID
ami-e0f15e9f

-- AZ
us-east-1b

-- Region
us-east-1

-- Redshift:Slices
4

-- Redshift:Nodes
2

-- Client:UserAgent
mozilla/5.0 (macintosh; intel mac os x 10_12_6) applewebkit/537.36 (khtml, like gecko) chrome/68.0.3440.106 safari/537.36

-- Client:Resolution
1821x1017

-- Client:TimeZone
GMT-05:00


Matillion Agent  

Ian Funnell —

Hi Matt,

Please email the job export to support@matillion.com

Many thanks,
Ian


Matt Burr —

I've resolved the issue. I was able to download and add the certificate to the Java keystore, and now I'm able to connect.

Post Your Community Answer

To add an answer please login