You can start MongoDB with SSL by using either a CA-signed or self-signed certificate.
To start MongoDB with SSL:
- Add a certificate.
  - To add a CA-signed certificate, create a new PEM file by concatenating the certificate and its private key. Copy the resulting PEM file to the /opt/pingidentity/mongo/key/ directory created in step 1 in Installing MongoDB software.
      cat mongo-node-private-key mongo-node-certificate > /opt/pingidentity/mongo/key/mongodb.pem
  - To use a self-signed certificate, complete the following steps:
    - Change directory to the key directory:
        cd /opt/pingidentity/mongo/key
    - Generate a self-signed certificate and key:
        openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
    - Concatenate the certificate and the key:
        cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
- After either a CA-signed certificate or self-signed certificate has been added to the key directory, shut down MongoDB:
    # mongod --dbpath ./data --shutdown
- Restart MongoDB with the --tlsMode flag:
    mongod --auth --dbpath ./data/ --logpath ./logs/mongo.log --port 27017 --replSet absrs01 --fork --keyFile ./key/mongodb-keyfile --bind_ip 0.0.0.0 --tlsMode requireTLS --tlsCertificateKeyFile ./key/mongodb.pem
Note: The --tlsMode flag can take the following three values:
- allowTLS
- preferTLS
- requireTLS
For more information, see the MongoDB documentation.
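
A pre-flight check for the combined mongodb.pem, to run before the restart step, as an added example that is not part of the original documentation. The function names, the 400/600 file-mode rule and the 30-day expiry window are assumptions of this sketch.

```shell
# Added example, not from the product documentation. Function names, the
# 400/600 mode rule and the 30-day window are assumptions of this sketch.
# Usage: check_mongo_pem /opt/pingidentity/mongo/key/mongodb.pem

# The cat step must have produced both a private key and a certificate.
pem_has_key_and_cert() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" &&
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# The key is unencrypted (-nodes), so only the owner should be able to read it.
pem_perms_ok() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
    case "$mode" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

# The public key in the certificate must equal the one derived from the key.
pem_key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# The certificate must still be valid N days from now (default 30).
pem_not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Run every check and report each failure; non-zero exit if any check fails.
check_mongo_pem() {
    local pem="$1" rc=0
    pem_has_key_and_cert "$pem" || { echo "FAIL: key or certificate block missing"; rc=1; }
    pem_perms_ok "$pem"         || { echo "FAIL: file mode must be 400 or 600"; rc=1; }
    pem_key_matches_cert "$pem" || { echo "FAIL: private key does not match certificate"; rc=1; }
    pem_not_expiring "$pem"     || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    return $rc
}
```

The file must also be owned by the account that runs mongod, otherwise a 400 or 600 mode prevents the server from reading it.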