MongoDB ssl client setup

[edc]

HI guys

I setup the ssl as the documents(https://docs.mongodb.org/manual/tutorial/configure-ssl/) said.

But as the docs said, i must use the pem on the client ,and the pem is the server pem.

If we use the same key as the server is,it`s not safe.

How can i build a client pem that is given to the app to use? 

Thanks

[edc]

Is there anyone can help me with this case?

Thanks a lot.

在 2015年12月10日星期四 UTC+8上午11:00:14，edc写道：

[Wan Bachtiar]

Hi guys

I setup the ssl as the documents(https://docs.mongodb.org/manual/tutorial/configure-ssl/) said.
But as the docs said, i must use the pem on the client ,and the pem is the server pem.

Hi,

MongoDB can use any valid SSL certificate issued by a certificate authority, or a self-signed certificate. By using a single Certificate Authority (CA) to generate and signed valid certificates you can use different .pem files for the client and the server. Unless the network is trusted, please avoid using self-signed certificates.

Having a root certificate chain from the Certificate Authority, you can then set up mongod and mongos with certificate validation.. For example, using mongo shell as a client example:

mongo --port 9099 --ssl --sslCAFile root_CA.crt --sslPEMKeyFile client.pem

Also worth noting that by omitting -nodes when you generate the key with openssl, you can encrypt the .pem files with a passphrase. Also see SSL certificate passphrase for more info.

Note that this only secures the communication between the client(s) and the server(s). See MongoDB security checklist for more details.

Regards,

Wan.

​