AWS documentation states that to connect to my DocumentDB Cluster, I need to use a query string that ends like so ?ssl_ca_certs=rds-combined-ca-bundle.pem&replicaS
Worth adding that currently, MongoDB C# Driver does not support PEM certificates. So anything referencing a PEM certificate will fail with System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
AWS Developer Guide suggests using P7B certificates instead, which can be downloaded from here: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.p7b
This has worked for us.
On Kubernetes and Windows, we needed to add rds-combined-ca-bundle.p7b to the local trust store as shown in the AWS C# example and do NOT reference it in the connection string.
On Mac, I have struggled with adding the P7B certificate to the Keystore programmatically because of the access denied problem. Will update the answer if I manage to resolve it.
One last thing worth mentioning: the answer provided by Kenny Dickie essentially switches off the certificate validation and makes the setup insecure. This line of code clientSettings.SslSettings.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; will always return true.
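For contrast with the always-true callback quoted above, here is an added example (not from this answer or from AWS) of a callback that still validates the server certificate, but against the CAs in the downloaded P7B file rather than the machine trust store. It assumes .NET 5 or later (for X509ChainTrustMode.CustomRootTrust); the class and method names, the bundle path and the connection string are placeholders supplied by the caller.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;

public static class DocumentDbTls // hypothetical helper class
{
    // Builds a callback that trusts only the CAs contained in the P7B bundle.
    public static RemoteCertificateValidationCallback TrustOnlyBundle(string p7bPath)
    {
        var bundle = new X509Certificate2Collection();
        bundle.Import(p7bPath); // a PKCS#7 import loads every certificate in the file

        return (sender, certificate, chain, errors) =>
        {
            // A missing certificate or a host name mismatch is rejected outright;
            // only the chain-trust error is re-evaluated against the bundle.
            if (certificate == null ||
                (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
            {
                return false;
            }

            using var custom = new X509Chain();
            custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            custom.ChainPolicy.CustomTrustStore.AddRange(bundle); // trust anchors
            custom.ChainPolicy.ExtraStore.AddRange(bundle);       // intermediates for path building
            // RevocationMode stays at its default (Online), so a host without
            // network access to the revocation endpoints will fail the build.
            return custom.Build(new X509Certificate2(certificate));
        };
    }

    // connectionString must enable TLS itself and must not reference the bundle file.
    public static MongoClient Connect(string connectionString, string p7bPath)
    {
        var settings = MongoClientSettings.FromConnectionString(connectionString);
        settings.SslSettings = new SslSettings
        {
            ServerCertificateValidationCallback = TrustOnlyBundle(p7bPath)
        };
        return new MongoClient(settings);
    }
}
```

Unlike adding the bundle to the local trust store, this keeps the extra trust scoped to the one MongoClient and needs no write access to a system store.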