---
title: Starting MongoDB with SSL
description: You can start MongoDB with SSL by using either a CA-signed or self-signed certificate.
component: pingintelligence
version: 5.2
page_id: pingintelligence:installing_pingintelligence_for_apis:pingintelligence_starting_mongodb_ssl
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/installing_pingintelligence_for_apis/pingintelligence_starting_mongodb_ssl.html
revdate: April 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  choose-from: Choose from:
  next-steps: Next steps
---

# Starting MongoDB with SSL

You can start MongoDB with SSL by using either a CA-signed or self-signed certificate.

## About this task

To start MongoDB with SSL:

## Steps

1. Add a certificate.

   ### Choose from:

   * To add a CA-signed certificate, create a new PEM file by concatenating the certificate and its private key. Copy the resulting PEM file to the `/opt/pingidentity/mongo/key/` directory created in step 1 in [Installing MongoDB software](pingintelligence_install_mongodb.html).

     ```
     cat mongo-node-private-key mongo-node-certificate > /opt/pingidentity/mongo/key/mongodb.pem
     ```

   * To use a self-signed certificate, complete the following steps:

     1. Change directory to `key` directory:

        ```
        cd /opt/pingidentity/mongo/key
        ```

     2. Generate a self-signed certificate and key:

        ```
        openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
        ```

     3. Concatenate the certificate and the key:

        ```
        cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
        ```

2. After either a CA-signed certificate or self-signed certificate has been added to the `key` directory, shut down MongoDB:

   ```
   # mongod --dbpath ./data --shutdown
   ```

3. Restart MongoDB with the `-tlsMode` flag:

   ```
   mongod --auth --dbpath ./data/ --logpath ./logs/mongo.log --port 27017 --replSet absrs01 --fork --keyFile ./key/mongodb-keyfile -bind_ip 0.0.0.0 --tlsMode requireTLS --tlsCertificateKeyFile ./key/mongodb.pem
   ```

   |   |                                                                                                     |
   | - | --------------------------------------------------------------------------------------------------- |
   |   | The `-tlsMode` flag can take the following three values:- `allowTLS`

   - `preferTLS`

   - `requireTLS` |

## Next steps

Learn more in [MongoDB documentation](https://www.mongodb.com/docs/manual/reference/configuration-options/#net.ssl.mode).