Enabling SSL for MongoDB
You can configure MongoDB to support SSL.
Before you begin
- MongoDB 3.4: Configure mongod and mongos for TLS/SSL
- MongoDB 4.0: Configure mongod and mongos for TLS/SSL
Procedure
1. Open the MongoDB configuration file by using the following command.
   vi /etc/mongod.conf
2. In the mongod.conf file, add the following SSL properties created in the prerequisite.
   - mode
   - PEMKeyFile
   - CAFile
   Example
   net:
     ssl:
       mode: requireSSL
       PEMKeyFile: /etc/ssl/mongodb.pem
       CAFile: /etc/ssl/ca.pem
       allowConnectionsWithoutCertificates: true
3. Quit the MongoDB shell by pressing Ctrl+C, and then restart MongoDB by using the following command.
   service mongod restart
4. Configure the MongoDB SSL URL in the dam.properties, common.properties, and ml_configuration.ini files.
   - common.properties and dam.properties files - For more information, see Connection String URI Format.
     common.properties
     mongo_hostname=<host_name:port_number>/?[options]
     dam.properties
     mongo.url=<host_name:port_number>/?[options]
   - ml_configuration.ini ([MONGO DB] section) - For more information, see TLS/SSL and PyMongo.
     host=<host_name:port_number>/?[options]
5. Go to the $JAVA_HOME/bin folder and import the SSL certificate into the truststore by using the following Java keytool command.
   keytool -import -alias <alias name> -keystore <JAVA truststore path> -file <certificate file> -storepass <password>
   Example
   keytool -import -alias mongo -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file /etc/ssl/mongodb-cert.cer -storepass password
6. By using the WebSphere® Application Server administrative console, add the following properties in the Java™ Virtual Machine (JVM) arguments.
   -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.trustStoreType=JKS
7. Restart IBM® Product Master services.
Note: If you redeploy IBM Product Master on a base setup that had SSL configured, the properties added in the Java™ Virtual Machine (JVM) arguments are lost, so you must perform steps 6-7 again.
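The following Python check is an added example, not part of the IBM or MongoDB documentation: it reads the net.ssl block added to mongod.conf in the procedure above and reports settings that weaken it, such as the example's allowConnectionsWithoutCertificates: true, which lets clients connect without presenting a certificate. The function names, the minimal indentation parser, and treating a missing mode as disabled are assumptions of this example.

```python
# Added example, not IBM or MongoDB code. Constructed sample: the page's settings.
PAGE_EXAMPLE = """\
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
    CAFile: /etc/ssl/ca.pem
    allowConnectionsWithoutCertificates: true
"""

def parse_mapping(text):
    """Parse nested 'key: value' YAML mappings by indentation (no lists or anchors)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open nesting level
    # Strip comments and trailing whitespace from every line before parsing.
    for line in (raw.split("#", 1)[0].rstrip() for raw in text.splitlines()):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:  # close levels we have dedented out of
            stack.pop()
        if value.strip():
            stack[-1][1][key.strip()] = value.strip().strip("\"'")
        else:
            child = stack[-1][1][key.strip()] = {}
            stack.append((indent, child))
    return root

def audit_ssl(text):
    """Return findings for the net.ssl section; an empty list means none."""
    net = parse_mapping(text).get("net")
    ssl_cfg = net.get("ssl") if isinstance(net, dict) else None
    if not isinstance(ssl_cfg, dict):
        return ["net.ssl section missing: TLS/SSL is not configured"]
    findings = []
    mode = ssl_cfg.get("mode", "disabled")  # assumption: missing mode means disabled
    if mode != "requireSSL":
        findings.append(f"mode is {mode}: unencrypted connections are still accepted")
    for key, why in (("PEMKeyFile", "server has no certificate and key to present"),
                     ("CAFile", "no CA file set for validating presented certificates")):
        if key not in ssl_cfg:
            findings.append(f"{key} missing: {why}")
    if ssl_cfg.get("allowConnectionsWithoutCertificates", "false").lower() == "true":
        findings.append("allowConnectionsWithoutCertificates is true: "
                        "clients are not required to present a certificate")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssl(PAGE_EXAMPLE)) or "no findings")
```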