That’s the correct way to create the CA?
Hi Martin,
That is one way of generating a self-signed Certificate Authority. “Correct” in this case would be depending on your security requirements. For example, if you require encryption on the output key then you should remove the -nodes option, etc.
Worth mentioning that you could also verify the .pem files before using them. For example:
openssl verify -CAfile mongodb-cert.crt client.pem;
An extra note for production use: your MongoDB deployment should use valid certificates generated and signed by a single certificate authority. If you use a self-signed certificate, although the communications channel will be encrypted, there will be no validation of server identity. Using a certificate signed by a trusted certificate authority will permit MongoDB drivers to verify the server’s identity. In general, avoid using self-signed certificates unless the network is trusted.
Other related links that you may find useful:
If you have further questions regarding TLS/SSL itself, i.e. options/ciphers, you may get a faster response by posting a question on ServerFault or Security StackExchange.
Kind regards,
Wan.
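
The verification step from the reply above, as an added example that is not part of the original message or of MongoDB's own documentation: it builds a throwaway CA, issues a client certificate from it, and shows that `openssl verify -CAfile` accepts that certificate and rejects a self-signed one the CA never issued. The file names mongodb-cert.crt and client.pem follow the thread; the subject names, the other file names, the 30-day lifetime and the helper functions make_demo_pki and verify_against_ca are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: demo PKI plus the `openssl verify` check from the thread.
# Subjects, key file names and lifetimes are constructed for illustration.

make_demo_pki() {
    dir="$1"
    # CA key and self-signed CA certificate. -nodes leaves the private key
    # unencrypted; drop it when the key must be passphrase-protected at rest.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Demo/CN=Demo Test CA" \
        -keyout "$dir/ca.key" -out "$dir/mongodb-cert.crt" 2>/dev/null || return 1

    # Client key and CSR, then a certificate signed by the CA above.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Demo/CN=demo-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/client.csr" -days 30 \
        -CA "$dir/mongodb-cert.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.crt" 2>/dev/null || return 1
    # Certificate and key combined into one PEM file, as in the thread.
    cat "$dir/client.crt" "$dir/client.key" > "$dir/client.pem"

    # A self-signed certificate with the same CN that the CA never issued.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Other/CN=demo-client" \
        -keyout "$dir/foreign.key" -out "$dir/foreign.crt" 2>/dev/null || return 1
    cat "$dir/foreign.crt" "$dir/foreign.key" > "$dir/foreign.pem"
}

# Returns 0 only if the certificate in $2 chains to the CA in $1.
verify_against_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-alone run in a temporary directory.
d=$(mktemp -d) || exit 1
make_demo_pki "$d" || { rm -rf "$d"; exit 1; }
verify_against_ca "$d/mongodb-cert.crt" "$d/client.pem"  && echo "client.pem: chains to CA"
verify_against_ca "$d/mongodb-cert.crt" "$d/foreign.pem" || echo "foreign.pem: rejected"
rm -rf "$d"
```

The rejected case is the one that matters for the production note: a matching subject name is not enough, the certificate has to chain to the CA the deployment trusts.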