I was able to set up a replica set with self-signed certificates on Windows. However, I suspect there are some communication issues between primary and secondary.
When I look at the log, I see these errors several times per second:
```
2016-04-10T17:04:06.502Z E NETWORK [conn321670] no SSL certificate provided by peer; connection rejected
2016-04-10T17:04:06.503Z I NETWORK [conn321670] end connection xxx.xxx.xxx.xxx:54350 (12 connections now open)
```
xxx.xxx.xxx.xxx is the secondary IP number.
Now, that's weird to me because I'm running the service on port 40000, so I don't know why these connections are using other port numbers. Those ports are not even opened in my firewall.
I think the certificate rejection has something to do with the fact that my certificates were created based on host names (m1.mydomain.com and m2.mydomain.com) and these messages show IP numbers.
`rs.status()` says that everything is fine.
Here's my config file:
```yaml
storage:
  dbPath: c:\mongossl\data
systemLog:
  destination: file
  path: c:\mongossl\log\mongod.log
  logAppend: true
  timeStampFormat: iso8601-utc
replication:
  replSetName: rs
net:
  port: 40000
  ssl:
    mode: requireSSL
    PEMKeyFile: c:\certs\m1.pem
    CAFile: c:\certs\ca.crt
    clusterFile: c:\certs\m1.pem
security:
  authorization: disabled
  clusterAuthMode: x509
```
It would be great if someone could shed some light on why I'm seeing all these connection errors.
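One way to triage the log described above (an added example, not part of the original post): the rejection line carries no peer address, only the `[connNNN]` context, so attributing rejections to a peer means joining each rejection to the following `end connection ip:port` line with the same conn id. The log lines below are constructed samples in the same format, with made-up IPs.

```python
import re
from collections import Counter

# mongod log line: "<timestamp> <severity> <component> [<context>] <message>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<sev>[A-Z]) (?P<comp>\S+)\s+\[(?P<ctx>[^\]]+)\] (?P<msg>.*)$'
)
END_RE = re.compile(r'^end connection (?P<ip>[\d.]+):(?P<port>\d+)')
REJECT_MSG = "no SSL certificate provided by peer; connection rejected"

# Constructed sample log (not taken from the post); IPs are placeholders.
SAMPLE_LOG = """\
2016-04-10T17:04:06.502Z E NETWORK [conn321670] no SSL certificate provided by peer; connection rejected
2016-04-10T17:04:06.503Z I NETWORK [conn321670] end connection 10.0.0.2:54350 (12 connections now open)
2016-04-10T17:04:06.610Z I NETWORK [conn321671] end connection 10.0.0.3:41002 (11 connections now open)
2016-04-10T17:04:06.720Z E NETWORK [conn321672] no SSL certificate provided by peer; connection rejected
2016-04-10T17:04:06.721Z I NETWORK [conn321672] end connection 10.0.0.2:54351 (11 connections now open)
"""


def parse_line(line):
    """Split one mongod log line into its fields, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def rejections_by_peer(log_text):
    """Count 'no SSL certificate provided by peer' rejections per peer IP.

    The rejection line itself has no address, so the conn id is remembered
    and resolved when the matching 'end connection' line appears.
    """
    pending = set()      # conn ids rejected but not yet attributed to a peer
    counts = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["msg"] == REJECT_MSG:
            pending.add(rec["ctx"])
        elif rec["ctx"] in pending:
            m = END_RE.match(rec["msg"])
            if m:
                counts[m.group("ip")] += 1
                pending.discard(rec["ctx"])
    return dict(counts)
```

A peer that shows up here but whose own `clusterFile` and `CAFile` look correct is the place to start comparing certificate subjects against the expected member names.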