
TLS Configuration

Azita Abdollahi edited this page Apr 15, 2025 · 1 revision

TLS Configuration for Production

Enable TLS for secure communication between replica set members.


📜 Step 1: Generate Certificates

# Create Certificate Authority (CA). Without -days, openssl defaults to a 30-day certificate.
openssl req -new -x509 -nodes -days 3650 -out ca.crt -keyout ca.key -subj "/O=MyOrg/CN=MyCA"

# Create one cert per member. MongoDB x.509 cluster auth requires every member cert to carry
# identical O/OU/DC values (at least one of them present), a distinct CN, and a SAN matching
# the hostname the other members connect to.
for i in 1 2 3; do
  openssl req -new -nodes -out mongodb${i}.csr -keyout mongodb${i}.key -subj "/O=MyOrg/OU=ReplicaSet/CN=mongodb${i}"
  printf 'subjectAltName=DNS:mongodb%s\nextendedKeyUsage=serverAuth,clientAuth\n' "${i}" > mongodb${i}.ext
  openssl x509 -req -days 825 -in mongodb${i}.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -extfile mongodb${i}.ext -out mongodb${i}.crt
  cat mongodb${i}.key mongodb${i}.crt > mongodb${i}.pem
  chmod 600 mongodb${i}.pem   # the PEM contains the private key; keep ca.key off the database hosts
done
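Before wiring the files into Compose, it pays to confirm that the certificate set actually satisfies MongoDB's x.509 membership rules: every member certificate signed by the same CA, O/OU/DC identical across members with at least one of them present, distinct CNs, a SAN covering the hostname peers connect to, and clientAuth in the extended key usage if that extension is present. The pre-flight check below is an added example, not part of this wiki or of MongoDB; it is written in Ruby because its standard library bundles OpenSSL, so it runs without the openssl CLI. Instead of reading the files from Step 1 it constructs two sample sets in memory (one with O/OU and SAN entries, one CN-only as the negative case); to check real files, build the hash with `OpenSSL::X509::Certificate.new(File.read(path))` per member.

```ruby
# Pre-flight check for MongoDB x.509 cluster-member certificates (added example).
# Uses only Ruby's bundled OpenSSL; all certificates below are constructed in memory.
require 'openssl'

DN_GROUP = %w[O OU DC].freeze   # attributes MongoDB requires to match across members

# Subject DN as { "O" => [...], "OU" => [...], "CN" => [...] }.
def dn_parts(cert)
  cert.subject.to_a.each_with_object(Hash.new { |h, k| h[k] = [] }) { |(k, v, _), h| h[k] << v }
end

def ext_value(cert, oid)
  cert.extensions.find { |e| e.oid == oid }&.value
end

# members: { "mongodb1" => OpenSSL::X509::Certificate, ... }, keyed by the hostname peers use.
# Returns a list of findings; an empty list means the set is deployable.
def check_members(ca_cert, members)
  findings = []
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  groups = {}
  cns = {}
  members.each do |host, cert|
    findings << "#{host}: not signed by the CA" unless store.verify(cert)
    findings << "#{host}: expired or expires within 30 days" if cert.not_after < Time.now + 30 * 86_400
    dn = dn_parts(cert)
    group = DN_GROUP.map { |k| dn[k].sort }
    findings << "#{host}: subject has none of O, OU or DC" if group.all?(&:empty?)
    groups[host] = group
    cns[host] = dn['CN']
    san = ext_value(cert, 'subjectAltName').to_s
    findings << "#{host}: no SAN entry for DNS:#{host}" unless san.split(/,\s*/).include?("DNS:#{host}")
    eku = ext_value(cert, 'extendedKeyUsage')
    findings << "#{host}: EKU present but lacks clientAuth" if eku && !eku.include?('Client Authentication')
  end
  findings << 'members do not share identical O/OU/DC' if groups.values.uniq.size > 1
  findings << 'members share a CN; CNs must differ' if cns.values.uniq.size < cns.size
  findings
end

# --- constructed test data below; a real run would load the Step 1 files instead ---

# issuer: nil for a self-signed CA, otherwise [issuer_cert, issuer_key].
def new_cert(subject, key, issuer: nil, exts: [])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = OpenSSL::BN.rand(64)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer[0].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 86_400
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer ? issuer[0] : cert
  exts.each { |oid, val, crit| cert.add_extension(ef.create_extension(oid, val, crit || false)) }
  cert.sign(issuer ? issuer[1] : key, OpenSSL::Digest.new('SHA256'))
  cert
end

# good: true mirrors a set with O/OU and SANs; false mirrors CN-only certs without SANs.
def sample_pki(good:)
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = new_cert('/O=MyOrg/CN=MyCA', ca_key,
                exts: [['basicConstraints', 'CA:TRUE', true], ['keyUsage', 'keyCertSign,cRLSign', true]])
  members = {}
  %w[mongodb1 mongodb2 mongodb3].each do |host|
    key = OpenSSL::PKey::RSA.new(2048)
    members[host] =
      if good
        new_cert("/O=MyOrg/OU=ReplicaSet/CN=#{host}", key, issuer: [ca, ca_key],
                 exts: [['subjectAltName', "DNS:#{host},DNS:localhost"],
                        ['extendedKeyUsage', 'serverAuth,clientAuth']])
      else
        new_cert("/CN=#{host}", key, issuer: [ca, ca_key])
      end
  end
  [ca, members]
end

if __FILE__ == $PROGRAM_NAME
  [true, false].each do |good|
    ca, members = sample_pki(good: good)
    findings = check_members(ca, members)
    puts "#{good ? 'O/OU+SAN set' : 'CN-only set'}: #{findings.empty? ? 'OK' : findings.join('; ')}"
  end
end
```

The CN-only set is the instructive case: each member fails twice (no O/OU/DC, no SAN), while the matching-group and distinct-CN checks pass, which is exactly the combination that looks fine in `openssl verify` yet is rejected by mongod when the members try to authenticate to each other.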

🛠️ Step 2: Update Docker Compose

Modify each mongodbX service so that it mounts its own PEM (mongodb2.pem for mongodb2, and so on) and references that file in the command; the example below is for mongodb1:

volumes:
  - ./mongodb1.pem:/data/mongodb1.pem
  - ./ca.crt:/data/ca.crt
command: >
  mongod --bind_ip_all --replSet rs0
  --keyFile /data/replica.key
  --clusterAuthMode x509
  --tlsMode requireTLS
  --tlsCertificateKeyFile /data/mongodb1.pem
  --tlsCAFile /data/ca.crt

🧪 Step 3: Connect with TLS (update your init script to use TLS)

# Because mongod is started with --tlsCAFile, clients must present a certificate the CA signed.
# Passing -p without a value makes mongosh prompt for the password instead of leaving it in shell history.
mongosh --tls \
  --tlsCAFile /data/ca.crt \
  --tlsCertificateKeyFile /data/mongodb1.pem \
  -u root -p password --host mongodb1