In order to secure communications between mongod or mongos instances, you need a public key certificate (also called an X.509 certificate). This is also often misleadingly referred to as an SSL certificate. It's best to use a certificate that is signed by a trusted certificate authority (CA). However, if you are setting up a MongoDB database just for testing purposes, or if you are only developing inside a company network, a self-signed certificate might be sufficient.
Self-signed certificates do not validate the server's identity, which opens the communication to man-in-the-middle attacks.
To generate a self-signed certificate, use the server's operating system SSL library. Here is an example script, found at /path/to/repo/chapters/11/install_ssl_cert.sh, that installs test certificates for both client and server:
#!/bin/bash
echo "Generating SSL certificates ..."
export RAND_DIGITS=`date |cut -c 18-20...