
Dumping mongodb error: error dialing cluster0-shard-00-00.fklgt.mongodb.net:27017: SSL errors: SSL routines:ssl3_get_server_certificate:certificate


I usually dump my mongodb database using this command and it works perfectly:

mongodump --uri mongodb+srv://name:password@cluster0.fklgt.mongodb.net/database_name --archive="dump-copy-name" --forceTableScan

However, I have been trying to dump different databases and it just keeps logging this:

2021-06-21T18:43:39.206+0100 error dialing cluster0-shard-00-00.fklgt.mongodb.net:27017: SSL errors: SSL routines:ssl3_get_server_certificate:certificate verify failed

Any idea what's going on?


Solution

  • The mongodump tool does not implicitly trust your system certificate store. You will need to pass it the root CA certificate so that it can validate the cluster's certificate.

    To find out which certificate is the root, use openssl:

    openssl s_client -connect cluster0-shard-00-00.fklgt.mongodb.net:27017
    

    The output should include a certificate chain section like:

    ---
    Certificate chain
     0 s:/C=US/ST=New York/L=New York/O=MongoDB, Inc./CN=*.mongodb.com
       i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
     1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
       i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
    ---
    

    (this is an example, test with your cluster to get the real certificates)

    The highest numbered certificate in the chain should be the root. Once you have that, google for the CN part (in my example that was "DigiCert SHA2 Secure Server CA"), and you should find a link to download the certificate.

    The root should be one of the two listed here: https://docs.atlas.mongodb.com/reference/faq/security/#hard-coded-certificate-authority

    Once you have the root certificate in .pem format, use the command line option --sslCAFile=<filename> to pass it to mongodump.
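Added example, not part of the answer above: a small shell helper that reads `openssl s_client` output and reports the subject and issuer of the highest-numbered chain entry, so you can see which CA name to look for before passing a .pem file to `--sslCAFile`. The function names are hypothetical, the sample chain is the one quoted in the answer, and handling of the newer `CN = ...` layout goes beyond what the answer shows.

```shell
#!/bin/sh
# Added example: summarise the top entry of the "Certificate chain" section
# printed by `openssl s_client -connect HOST:27017`.

# Pull the CN out of a subject/issuer string in either OpenSSL layout:
#   older: /C=US/O=DigiCert Inc/CN=DigiCert Global Root CA
#   newer: C = US, O = DigiCert Inc, CN = DigiCert Global Root CA
cn_of() {
    printf '%s\n' "$1" | sed -n 's/.*CN *= *\([^/,]*\).*/\1/p'
}

# Read s_client output on stdin; emit subject and issuer of the last
# (highest-numbered) chain entry. Exits 1 if no chain section is present.
chain_top() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---/         { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj = $0 }
        in_chain && /^ *i:/        { sub(/^ *i:/, ""); issuer = $0 }
        END {
            if (subj == "") exit 1
            print "subject=" subj
            print "issuer=" issuer
        }'
}

# Report whether the top entry is self-signed or names a further issuer.
root_hint() {
    top=$(chain_top) || { echo "no certificate chain found" >&2; return 1; }
    subj=$(printf '%s\n' "$top" | sed -n 's/^subject=//p')
    iss=$(printf '%s\n' "$top" | sed -n 's/^issuer=//p')
    if [ "$subj" = "$iss" ]; then
        echo "self-signed top entry: $(cn_of "$subj")"
    else
        echo "top entry: $(cn_of "$subj"); signed by: $(cn_of "$iss")"
    fi
}

# Example chain copied from the answer above (not live output).
SAMPLE='---
Certificate chain
 0 s:/C=US/ST=New York/L=New York/O=MongoDB, Inc./CN=*.mongodb.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---'
printf '%s\n' "$SAMPLE" | root_hint
```

Against a live cluster, pipe `openssl s_client -connect HOST:27017 </dev/null 2>/dev/null` into `root_hint` instead of the sample.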