Commit a304725d (unverified), authored by Carl Tashian, committed by GitHub

Merge pull request #68 from smallstep/mongodb

Add mongoDB server & client auth
parents 95888249 b66a4237
name: MongoDB v4.4
protocol: mongodb
server_port: 27017
topics:
server_auth:
links:
- text: Configure mongod and mongos for TLS/SSL
url: https://docs.mongodb.com/manual/tutorial/configure-ssl/
client_auth:
links:
- text: Set Up mongod and mongos with Client Certificate Validation
url: https://docs.mongodb.com/manual/tutorial/configure-ssl/#client-cert-validation-ssl
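Review bot: `name: MongoDB v4.4` pins this entry to one release, but both `links` URLs point at the unversioned `/manual/` documentation, which follows the current release. Option names and the `#client-cert-validation-ssl` anchor can change between releases, so consider linking the v4.4 edition of these pages to keep the references matched to the instructions.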
docs/mongodb/logo.png

9.94 KiB

Copy the `{{ server_cert }}`, `{{ server_key }}`, and `{{ ca_cert }}` files to `/etc/step/certs/`.
```shell-session
$ sudo cat {{ server_cert }} {{ server_key }} > /etc/step/certs/mongod.pem
$ sudo cp {{ ca_cert }} /etc/step/certs/ca.pem
```
Now you'll need to configure your `/etc/mongodb.conf` to enforce client authentication.
```yaml
net:
tls:
mode: requireTLS
certificateKeyFile: /etc/step/certs/mongod.pem
CAFile: /etc/step/certs/ca.pem
```
Restart your mongoDB server for these changes to take effect.
Confirm the configuration by connecting with a mongoDB client:
```shell-session
$ cat {{ client_cert }} {{ client_key }} > client.pem
$ mongo --tls --tlsCAFile {{ ca_cert }} --tlsCertificateKeyFile client.pem
MongoDB shell version v4.4.3
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("5ddf6126-1b99-4364-a2c5-4262ad2e9d7b") }
MongoDB server version: 4.4.3
Welcome to the MongoDB shell.
...
```
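Review bot: In the first shell-session block, `sudo cat {{ server_cert }} {{ server_key }} > /etc/step/certs/mongod.pem` only runs `cat` as root; the `>` redirection is opened by the calling shell, so the write fails unless that user can already write to `/etc/step/certs/`. Suggest wrapping the whole command in `sudo sh -c '...'` or piping the output through `sudo tee`. These instructions also leave out the `chown mongodb:mongodb` step that the server-auth instructions include, and nothing restricts the mode of `mongod.pem` or of the `client.pem` created in the verification step, both of which contain a private key; adding a `chmod 600` on each would keep the keys readable only by their owners.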
Copy the `{{ server_cert }}`, `{{ server_key }}`, and `{{ ca_cert }}` files to `/etc/step/certs/`.
```shell-session
$ sudo cat {{ server_cert }} {{ server_key }} > /etc/step/certs/mongod.pem
$ sudo cp {{ ca_cert }} /etc/step/certs/ca.pem
$ sudo chown mongodb:mongodb /etc/step/certs/mongod.pem /etc/step/certs/ca.pem
```
Now you'll need to configure your `/etc/mongodb.conf` to use server authentication.
```yaml
net:
tls:
mode: requireTLS
certificateKeyFile: /etc/step/certs/mongod.pem
```
Restart your mongoDB server for these changes to take effect.
Confirm the configuration by connecting with a mongoDB client:
```shell-session
$ mongo --tls --tlsCAFile /etc/step/certs/ca.crt
MongoDB shell version v4.4.3
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("5ddf6126-1b99-4364-a2c5-4262ad2e9d7b") }
MongoDB server version: 4.4.3
Welcome to the MongoDB shell.
...
```
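Review bot: The verification command passes `--tlsCAFile /etc/step/certs/ca.crt`, but the copy step writes the CA certificate to `/etc/step/certs/ca.pem`, so the command as written points at a file these instructions never create. Suggest `--tlsCAFile /etc/step/certs/ca.pem` to match the copy and chown lines. Separately, in `sudo cat {{ server_cert }} {{ server_key }} > /etc/step/certs/mongod.pem` the redirection is performed by the unprivileged calling shell rather than under sudo, and `mongod.pem` holds the private key with no mode set; consider `sudo sh -c '...'` or `sudo tee` for the write and a `chmod 600` after the chown.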