--- title: Verify MongoDB SSL certificates description: You can configure API Behavioral Security (ABS) to verify the validity of MongoDB server certificate, when it tries to connect with MongoDB. component: pingintelligence version: 5.2 page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_verify_mongodb_ssl_certificates canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_verify_mongodb_ssl_certificates.html revdate: April 3, 2024 section_ids: about-this-task: About this task steps: Steps choose-from: Choose from: --- # Verify MongoDB SSL certificates You can configure API Behavioral Security (ABS) to verify the validity of MongoDB server certificate, when it tries to connect with MongoDB. ## About this task This is an optional check. and the following diagram shows the summary of steps involved in this verification. ![Diagram of steps for verification of MongoDB SSL certificate as described in the text.](../_images/pbm1606556564186.png) | | | | - | -------------------------------------------------------------------------------------------------------------------- | | | Ensure the following steps are completed, so that ABS can verify MongoDB server certificate before connecting to it. | ## Steps 1. To verify the validity of MongoDB, check if the`mongo_ssl` parameter in the `//pingidentity/abs/config/abs.properties` file is set true. 2. Check if the `mongo_certificate` parameter in the `//pingidentity/abs/config/abs.properties` file is set true. 3. Import the MongoDB Server certificate into the `abs.jks` truststore, using either of the following commands as applicable. The commands prompt for a `destination keystore password`, and the password entered should be same as the `jks_password` configured in the [abs.properties](pingintelligence_abs_configuration.html) file. ### Choose from: ``` # keytool -import -file -storetype JKS -keystore //pingidentity/abs/config/ssl/abs.jks ``` If the MongoDB server certificate is in `.pem` format, use the following command to import the certificate in to the ABS truststore. ``` # keytool -import -v -trustcacerts -file server.pem -keystore //pingidentity/abs/config/ssl/abs.jks -storetype JKS ``` When ABS starts, it loads the certificates available in `abs.jks` truststore. If the server certificate presented by MongoDB gets validated, ABS connects with it and completes the booting. If the SSL server certificate verification fails, ABS will not start and a `CertificateException` is thrown by ABS. The error is logged in`//pingidentity/abs/abs.log.` | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If ABS is running and the MongoDB server certificate expires in between, it will not stop. An error message is logged in`//pingidentity/abs/abs.log.`You can also use a CA-signed certificate to verify the MongoDB server certificate. For that, import your existing CA-signed certificate into ABS by following the instructions explained in [Import existing CA-signed certificates](pingintelligence_import_existing_ca_signed_certificates.html). Once the certificate is imported, complete Step 1 through Step 3 above so that ABS can verify MongoDB server certificate. |