Key error message:
no SSL certificate provided by peer; connection rejected
When you enable TLS/SSL on MongoDB, MongoDB clients can authenticate that the MongoDB server is who it claims to be by comparing MongoDB's TLS/SSL certificate (specified in the PEMKeyFile property in the mongod.conf file) against the public Certificate Authority certificate that you provide to the MongoDB client to indicate which Certificate Authority you trust.
But what I just described is sometimes called one-way TLS, while by default MongoDB provides two-way or mutual TLS authentication. The idea is that, perhaps, MongoDB does not want to accept clients from anyone (as a public website can do), but also wants to authenticate clients.
In TLS Mutual Auth, the same Certificate Authority that I mentioned above will issue client certificates, and the MongoDB server will check the client certificate to make sure that it was indeed issued by the corresponding Certificate Authority and that it is valid (for example, it has not expired).
So this error says, "Hey, I expect my clients to submit a TLS certificate, but you did not provide one."
How to fix this is described in Configuring mongod and mongos for TLS/SSL:
If you want to bypass validation for clients that do not provide certificates, include the allowConnectionsWithoutCertificates parameter with mongod and mongos. If the client does not provide a certificate, verification does not occur. These connections, although not verified, are still encrypted using SSL.
Of course, you can also specify this in the mongod.conf file: https://docs.mongodb.com/manual/reference/configuration-options/#net.ssl.allowConnectionsWithoutCertificates
My preferred solution looks like this:
```yaml
net:
  port: 27017
  bindIp: 172.0.0.1 # Set this to whatever your private IP address is
  ssl:
    mode: "requireSSL"
    PEMKeyFile: "/path/to/tls/private/key"
    CAFile: "/path/to/ca/public/cert"
    disabledProtocols: "TLS1_0,TLS1_1"
    allowConnectionsWithoutCertificates: true # <-- The line to add to your config
```
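The check the server applies to a client certificate under mutual TLS (was it issued by the CA named in CAFile, and is it still valid) can be reproduced offline with the openssl CLI. The script below is an added example, not part of the original answer; it assumes openssl is installed, and every file name and subject name in it is constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway CAs and client certificates in a temp directory.
# All file names and CNs below are made up for this example.

make_ca() {  # $1 = output prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_client_cert() {  # $1 = CA prefix, $2 = client prefix, $3 = client CN
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
  # Key and certificate concatenated into one PEM, the same layout as PEMKeyFile
  cat "$2.key" "$2.crt" > "$2.pem"
}

issued_by_ca() {  # $1 = trusted CA cert (the CAFile role), $2 = client cert
  # Succeeds only if the chain builds to the trusted CA and the cert is in date
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  local d c
  d=$(mktemp -d)
  make_ca "$d/ca" "Demo MongoDB CA"        # the CA the server trusts
  make_ca "$d/other" "Unrelated CA"        # a CA the server does not trust
  issue_client_cert "$d/ca" "$d/app" "app-client"
  issue_client_cert "$d/other" "$d/stranger" "stranger-client"
  for c in app stranger; do
    if issued_by_ca "$d/ca.crt" "$d/$c.crt"; then
      echo "$c: certificate chains to the trusted CA"
    else
      echo "$c: certificate rejected (not issued by the trusted CA)"
    fi
  done
  rm -rf "$d"
}

demo
```

A client that presents a certificate passing this check connects without allowConnectionsWithoutCertificates being set, so the server keeps verifying who its clients are.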