Setting up and configuring TLS (SSL)
In this recipe, we will look at how to use X.509 certificates to encrypt traffic sent to MongoDB servers. Although TLS is the actual term used to denote Transport Layer Security (TLS), for legacy naming reasons, it is many a times still referred to as SSL.
Getting ready
You need the standard MongoDB binaries.
How to do it...
- We will begin by creating our own Certificate Authority (CA) to generate self-signed certificates:
openssl genrsa -des3 -out ca.key 4096 openssl req -new -x509 -days 365 -key ca.key -out ca.crt
- Create the key for the server:
openssl genrsa -out server1.key 2048
- Create the Certificate Signing Request (CSR) for the server:
openssl req -new -subj "/CN=server1.foo.com/O=ACME/C=AU" -key server1.key -out server1.csr
- Then create the certificate for the server, signed by the CA:
openssl x509 -req -days 365 -in server1.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server1.crt
- Generate the
.pem
file for the server by concatenating the.key
and.crt
...