SSL 1009 - SSL Connection Failure

Error Code SSL-1009
Error Message Text(s) - An error occurred while setting up the SSL connection.
- Failed to connect with error: CA is not an X509 certificate.

Error Summary

  • Hevo is not able to connect to MongoDB using the credentials provided by the user.

Potential Causes

  • SSL is not enabled for your MongoDB instance.

  • Your MongoDB instance is using an authorized certificate that is not present in the JRE’s default certificate store.

  • The PEM key file is not present in your MongoDB instance.

  • The password to decrypt the PEM key file is not present.

Suggested Action(s)

Verify that the following prerequisites required for a successful SSL connection are available in your MongoDB instance:

  • Check that SSL is enabled. To do so:

    • For MongoDB version 4.1 and earlier:

      • net.tls.mode: The value should be allowSSL or preferSSL or requireSSL.
    • For MongoDB version 4.2 and later:

      • net.ssl.mode: The value should be allowSSL or preferSSL or requireSSL.
  • Check that SSL PEM key file is present. To do so:

    • For MongoDB version 4.1 and earlier:

      • net.ssl.PEMKeyFile: This file contains both the TLS/SSL certificate and key. It should be available in your MongoDB instance.
    • For MongoDB version 4.2 and later:

      • net.tls.certificateKeyFile: This file contains both the TLS/SSL certificate and key. It should be available in your MongoDB instance.
  • (Optional) If your SSL connection is encrypted, check that you have provided the SSL PEM key password. To do so:

    • For MongoDB version 4.1 and earlier:

      • net.ssl.PEMKeyPassword: This file contains password to decrypt the certificate key file (SSL PEM key file).
    • For MongoDB version 4.2 and later:

      • net.tls.certificateKeyFilePassword: This file contains password to decrypt the SSL certificate key file.
  • Check that the SSL CA file is valid. If you are not using the CA file, check the validity of the SSL certificate selector open certificate. To do so:

    • If you are using the CA file:

      • For MongoDB version 4.1 and earlier:

        • net.ssl.certificateSelector: This file contains a CA property in order to select a matching certificate from the operating system’s certificate store to use for TLS/SSL.
      • For MongoDB version 4.2 and later:

        • net.tls.certificateSelector: This file contains a CA property in order to select a matching certificate from the operating system’s certificate store to use for TLS/SSL.
    • If you are not using the CA file:

      • For MongoDB version 4.1 and earlier:

        • net.ssl.allowConnectionsWithoutCertificates: The value should be true.
      • For MongoDB version 4.2 and later:

        • net.tls.allowConnectionsWithoutCertificates: The value should be true.

Read Configuration File Options to know how you can edit the configuration file in your MongoDB instance.


Revision History

Refer to the following table for the list of key updates made to this page:

Date Release Description of Change
Oct-27-2022 NA New document.
Last updated on 26 Oct 2022

Tell us what went wrong