Enabling SSL for MongoDB

You can configure MongoDB to support SSL.

Before you begin

Generate an SSL certificate. For more information, see

Procedure

  1. Open the MongoDB configuration file by using the following command.
    vi /etc/mongod.conf
  2. In the mongod.conf file, add the following SSL properties for the certificate that you generated in the prerequisite.
    • mode
    • PEMKeyFile
    • CAFile
    Example
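    net:
      ssl:
        mode: requireSSL
        PEMKeyFile: /etc/ssl/mongodb.pem
        CAFile: /etc/ssl/ca.pem
        # Clients are not required to present a certificate; a certificate that is presented is validated against CAFile.
        allowConnectionsWithoutCertificates: true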
  3. Quit the MongoDB shell by pressing Ctrl + C, and then restart MongoDB by using the following command.
    service mongod restart
  4. Configure the MongoDB SSL URL in the dam.properties, common.properties, and ml_configuration.ini files.
    • common.properties and dam.properties files - For more information, see Connection String URI Format.
      common.properties
      mongo_hostname=<host_name:port_number>/?[options]
      dam.properties
      mongo.url=<host_name:port_number>/?[options]
    • ml_configuration.ini ([MONGO DB] section) - For more information, see TLS/SSL and PyMongo.
      host=<host_name:port_number>/?[options]
  5. Go to the $JAVA_HOME/bin folder, and import the SSL certificate into the truststore by using the following Java keytool command.
    keytool -import -alias <alias name> -keystore <JAVA truststore path> -file <certificate file> -storepass <password>
    Example
    keytool -import -alias mongo -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file /etc/ssl/mongodb-cert.cer -storepass password
  6. Using the WebSphere® Application Server administrative console, add the following properties in the Java™ Virtual Machine (JVM) arguments.
    -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts 
    -Djavax.net.ssl.trustStorePassword=password
    -Djavax.net.ssl.trustStoreType=JKS
  7. Restart IBM® Product Master services.
    Note: If you redeploy the IBM Product Master on a base setup that had SSL configured, the properties added in the Java™ Virtual Machine (JVM) arguments are lost, so you need to perform steps 6-7 again.
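
A check for the net.ssl block from step 2, written for this page as an added example (it is not IBM or MongoDB code). The function names and the sample configuration, including the port line, are constructed for illustration, and the parser handles only the simple block-style layout that mongod.conf uses.

```python
import re

# Constructed sample: the net.ssl settings from step 2, correctly nested.
SAMPLE_CONF = """\
net:
  port: 27017
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
    CAFile: /etc/ssl/ca.pem
    allowConnectionsWithoutCertificates: true
"""

def parse_net_ssl(text):
    """Return the scalar keys found under net.ssl, tracking nesting by indentation."""
    stack, settings = [], {}  # stack holds (indent, key) for each open section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing spaces
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:  # leave sections we dedented out of
            stack.pop()
        if value == "":
            stack.append((indent, key))  # a key without a value opens a section
        elif [k for _, k in stack] == ["net", "ssl"]:
            settings[key] = value.strip("\"'")
    return settings

def audit_net_ssl(text):
    """Return a list of findings for the net.ssl settings; an empty list means none."""
    ssl = parse_net_ssl(text)
    if not ssl:
        return ["net.ssl section not found (check that ssl is indented under net)"]
    findings = []
    if ssl.get("mode") != "requireSSL":
        findings.append("mode is %r: only requireSSL rejects unencrypted connections" % ssl.get("mode"))
    for key in ("PEMKeyFile", "CAFile"):
        if key not in ssl:
            findings.append(key + " is not set")
    if ssl.get("allowConnectionsWithoutCertificates", "false").lower() == "true":
        findings.append("allowConnectionsWithoutCertificates is true: "
                        "clients are not required to present a certificate")
    return findings

if __name__ == "__main__":
    for finding in audit_net_ssl(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```

To check a live server, pass the contents of /etc/mongod.conf to audit_net_ssl before restarting mongod in step 3.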