TLS Configuration
Azita Abdollahi edited this page Apr 15, 2025
·
1 revision
Enable TLS for secure communication between replica set members.
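# Create Certificate Authority (CA)
# -days is set explicitly: without it openssl issues a certificate that is
# valid for only 30 days, after which every certificate signed by this CA
# stops validating. 3650 is a sample value; choose a lifetime that fits your
# rotation policy.
openssl req -new -x509 -nodes -days 3650 -out ca.crt -keyout ca.key -subj "/CN=MyCA"
# ca.key is written unencrypted (-nodes) and can sign certificates that every
# replica set member will trust, so restrict it to the current user and keep
# it out of the containers.
chmod 600 ca.key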
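# Create server certs
# One key, CSR, CA-signed certificate and combined PEM per replica set member.
# MongoDB's x.509 membership rules require the subject of each member
# certificate to contain a non-empty O, OU or DC that is identical on every
# member, plus a CN (or SAN) matching the member's hostname. A subject with
# only a CN is not accepted for --clusterAuthMode x509. "ExampleOrg" is a
# sample value; replace it with your own organisation name.
# NOTE(review): certificates issued to clients should differ from the member
# certificates in O/OU/DC so that a client is never treated as a cluster member.
for i in 1 2 3; do
  openssl req -new -nodes -out "mongodb${i}.csr" -keyout "mongodb${i}.key" \
    -subj "/O=ExampleOrg/CN=mongodb${i}"
  # -days is explicit because openssl otherwise issues a 30-day certificate;
  # 365 is a sample value and should stay within the CA certificate's lifetime.
  openssl x509 -req -in "mongodb${i}.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 365 -out "mongodb${i}.crt"
  # mongod expects the private key and certificate in a single PEM file.
  cat "mongodb${i}.key" "mongodb${i}.crt" > "mongodb${i}.pem"
  # The standalone key is not mounted anywhere, so lock it down to the current user.
  chmod 600 "mongodb${i}.key"
  # mongodb${i}.pem also holds the unencrypted private key: make it readable
  # only by the account mongod runs as inside the container (ownership depends
  # on the image, so it is not changed here).
done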
# Compose fragment for the first replica set member (the indentation of the
# original file is not preserved on this page).
# The member's combined key+certificate PEM and the CA certificate are
# bind-mounted into /data; ca.key is not mounted and should stay on the host.
# NOTE(review): mongodb1.pem contains the private key. Consider mounting both
# files read-only and check that the file is readable only by the user mongod
# runs as in the container.
# NOTE(review): /data/replica.key is referenced by the command below but no
# mount for it appears in this fragment; presumably it is defined elsewhere.
volumes:
- ./mongodb1.pem:/data/mongodb1.pem
- ./ca.crt:/data/ca.crt
# mongod flags used below:
#   --tlsMode requireTLS      only TLS connections are accepted
#   --tlsCertificateKeyFile   this member's key + certificate
#   --tlsCAFile               CA used to validate certificates presented by peers
#   --clusterAuthMode x509    members authenticate to each other with their certificates
# NOTE(review): with --clusterAuthMode x509 the key file is presumably no
# longer what members use to authenticate to each other; confirm whether
# --keyFile is still wanted here.
# NOTE(review): --bind_ip_all listens on every interface; restrict network
# exposure at the Compose/network level if the members only talk to each other.
command: >
mongod --bind_ip_all --replSet rs0
--keyFile /data/replica.key
--clusterAuthMode x509
--tlsMode requireTLS
--tlsCertificateKeyFile /data/mongodb1.pem
--tlsCAFile /data/ca.crt
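# Connect to the first member over TLS, validating its certificate against the CA.
# The password is deliberately not passed on the command line: an argument
# given to -p is visible in the process list and ends up in shell history.
# With -u and no -p, mongosh prompts for the password instead.
# NOTE(review): this presents the member certificate (mongodb1.pem) as the
# client certificate; a separate certificate issued for clients is preferable.
mongosh --tls \
  --tlsCAFile /data/ca.crt \
  --tlsCertificateKeyFile /data/mongodb1.pem \
  -u root --host mongodb1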