If you see an error like following while connecting to a MongoDB with SSL from Mac OS X, you might need to configure Root CA Certificates.
Error : No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on ‘host:port’]
Here is how.
Open KeyChain Access from Applications/Utilities folder.
Show Certificates of “System Roots”, and select all of them.
Then, select “File” menu, then “Export Items …” sub menu and export those well-known root CA certificates into a file named cert.pem.
Now, check if you have /usr/local/etc/openssl directory, and if you don’t have one yet, create the directory with the following commands. The commands will ask for your MacOS account password. The first command is for the case you don’t have /usr/local/etc either. The second command creates /usr/local/etc/openssl.
sudo mkdir /usr/local/etc
sudo mkdir /usr/local/etc/openssl
If you already had /usr/local/etc/openssl directory, it is possible that you already have a file named cert.pem in the directory. If this is the case, open the existing cert.pem with an editor, and append the entire content of our cert.pem we just created to the tail of the content of the existing cert.pem.
If you did not have /usr/local/etc/openssl directory, or even if you had it, did not have cert.pem in it, just put the cert.pem we created under this directory.
If the cause of connection error was lack of root CA certificate, reconnecting to MongoDB now should work fine.
If you are not clear or have questions please contact me at hideaki@exploratory.io.