It seems to me (please correct me if I’m wrong) that to configure mongo to require SSL, I must set
Hi Catherine,
Note that certain distributions of MongoDB do not contain support for SSL. Be sure to choose the right package that supports SSL. Which version of MongoDB and specific OS are you using?
For production use, your MongoDB deployment should use valid certificates generated and signed by a single certificate authority. By using a single Certificate Authority (CA) to generate and sign valid certificates, you can use different .pem files for the client and the server. Unless the network is trusted, please avoid using self-signed certificates.
Please see how to set up mongod and mongos with certificate validation once you have obtained a certificate.
With regard to connecting via NodeJS, see the example below that uses a .pem file (contains SSL certificate and key) and a .crt file (contains the certificate from the Certificate Authority):
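    var fs = require('fs');
    var MongoClient = require('mongodb').MongoClient;

    // client.pem holds both the client certificate and its private key
    var pemFile = fs.readFileSync("/ssl/path/client.pem");
    // rootCA.crt holds the certificate from the Certificate Authority
    var caFile = fs.readFileSync("/ssl/path/rootCA.crt");

    MongoClient.connect("mongodb://127.0.0.1:27017/databaseName?ssl=true", {
        server: {
            sslKey: pemFile,
            sslCert: pemFile,
            sslCA: [caFile], // the driver's option name is sslCA (capital CA)
            sslValidate: true // set to 'false' if CA is self-generated certificate
        }
    }, function(err, db) {
        if (err) return console.log(err); // stop here: db is undefined on failure
        console.log("Connected with SSL");
        var cursor = db.collection('collectionName').find();
        cursor.each(function(err, doc) {
            if (err) return console.log(err);
            if (doc === null) return db.close(); // null marks the end of the cursor
            console.dir(doc);
        });
    });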
Note that SSL only secures the communication between the client(s) and the server(s). For more information please review the MongoDB security checklist.
Kind regards,
Wan.
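
The server-side counterpart to the client snippet in the reply above, as an added example that is not part of the original thread: a mongod configuration that refuses non-TLS connections and validates client certificates against the CA. It assumes the YAML configuration format with the `net.ssl` option names of MongoDB 3.0 or later; the file paths are placeholders modelled on the `/ssl/path/` used in the client code.

```yaml
# mongod.conf (assumed: YAML config format, MongoDB 3.0+ net.ssl option names)
# All paths below are placeholders, not values from the thread.
net:
  port: 27017
  ssl:
    # requireSSL rejects every connection that does not use TLS.
    # allowSSL and preferSSL still accept plaintext clients.
    mode: requireSSL
    # Server certificate and its private key, concatenated in one PEM file.
    PEMKeyFile: /ssl/path/server.pem
    # CA certificate used to validate the certificates that clients present.
    CAFile: /ssl/path/rootCA.crt
    # Weak settings, shown commented out for contrast (both default to false):
    # allowInvalidCertificates: true             # disables certificate validation checks
    # allowConnectionsWithoutCertificates: true  # admits clients that present no certificate
```

With `CAFile` set and neither weak setting enabled, a client must present a certificate signed by the same CA, which is what the `sslKey` and `sslCert` options in the NodeJS snippet supply.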