Setting up SSL for the MongoDB shell

You can set up SSL for the MongoDB shell. This information uses MongoDB shell version 3.0 and assumes that the MongoDB shell runs on a Windows system.

Procedure

To start the MongoDB shell with SSL, take the following action:

  • Start the MongoDB shell with the --ssl and --sslCAFile parameters specified on the command.
    --sslCAFile
    Specifies the location of the certificate authority (CA) certificate file that is used to validate the z/TPF support for MongoDB server certificate that is defined in the SSL configuration file for MongoDB on the z/TPF system.
    The following sample command starts the MongoDB shell:
    mongo myTPFSystem.com/tpfdf -u mongUser -p mongPass --ssl --sslCAFile c:\MongoDBCerts\cacert.pem

You can optionally specify any of the following parameters when you start the MongoDB shell:

  • Start the MongoDB shell with the --sslAllowInvalidHostnames parameter specified on the command.

    The MongoDB shell tries to validate that the host name used to connect to the z/TPF system matches the host name or common name in the z/TPF support for MongoDB server certificate that is defined in the SSL configuration file. If they do not match, you must specify the --sslAllowInvalidHostnames parameter when you start the MongoDB shell. When this parameter is specified, the shell still validates the server certificate against the CA certificate file but no longer checks the host name.

    The following sample command starts the MongoDB shell with the --sslAllowInvalidHostnames parameter specified.

    mongo myTPFSystem.com/tpfdf -u mongUser -p mongPass --ssl --sslCAFile c:\MongoDBCerts\cacert.pem --sslAllowInvalidHostnames
  • Start the MongoDB shell with the certificate and key specified on the command.

    If you use MongoDB remote client authentication by specifying VERIFYPEER=YES in the SSL configuration file for MongoDB on the z/TPF system, you must specify the certificate and key of the remote client when you start the MongoDB shell.

    The MongoDB shell assumes that the key and the certificate are contained in one file. If the key and certificate of the remote client are in separate files, you can concatenate them into one file. For example, on a Linux® system, you can enter the following command to concatenate the key and certificate into one file:
    	cat MongoClientKey.pem > MongoClientKeyCert.pem
    	cat MongoClientCert.pem >> MongoClientKeyCert.pem
    The following sample command starts the MongoDB shell when you enable MongoDB remote client authentication on the z/TPF system.
    mongo myTPFSystem.com/tpfdf -u mongUser -p mongPass --ssl --sslCAFile c:\MongoDB\cacert.pem --sslPEMKeyFile c:\MongoDB\MongoClientKeyCert.pem
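
A more defensive form of the concatenation step above, as an added example that is not part of the original documentation: it checks that each input really is a key or a certificate, keeps the two PEM blocks on separate lines even when the key file has no trailing newline, and creates the combined file readable by its owner only. The function name make_pem_bundle is hypothetical; the file names in the usage comment are the ones from the text.

```shell
#!/bin/sh
# Added example: build the single key+certificate file for --sslPEMKeyFile.
# Usage: sh bundle.sh MongoClientKey.pem MongoClientCert.pem MongoClientKeyCert.pem

# make_pem_bundle KEYFILE CERTFILE OUTFILE  (hypothetical helper name)
make_pem_bundle() {
    key=$1 cert=$2 out=$3

    [ -r "$key" ] && [ -r "$cert" ] || {
        echo "cannot read $key or $cert" >&2; return 1; }

    # Count PEM headers; grep -c exits non-zero on zero matches, hence "|| true".
    nkey=$(grep -c -E '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$key" || true)
    ncert=$(grep -c '^-----BEGIN CERTIFICATE-----' "$cert" || true)

    [ "$nkey" -eq 1 ] || {
        echo "$key: expected exactly one private key" >&2; return 1; }
    [ "$ncert" -ge 1 ] || {
        echo "$cert: no certificate found" >&2; return 1; }

    # A certificate file that also holds a key usually means swapped arguments
    # or an already-combined file.
    if grep -q 'PRIVATE KEY-----' "$cert"; then
        echo "$cert: unexpectedly contains a private key" >&2; return 1
    fi

    # Create the file with owner-only permissions from the start (umask), and
    # emit a newline between the inputs so the END and BEGIN markers never end
    # up glued together on one line.
    ( umask 077 && { cat "$key"; printf '\n'; cat "$cert"; } > "$out" ) || return 1

    # umask does not tighten a file that already existed, so set the mode too.
    chmod 600 "$out"
}

if [ "$#" -eq 3 ]; then
    make_pem_bundle "$@"
fi
```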