Connect remote mongodb with SSL enabled

Hi Guys, is there a document about how to communicate with an SSL-enabled MongoDB using a self-signed client certificate?

3 Likes

Have you checked the MongoDB docs on this?

Note that you can use Let’s Encrypt certificates, which are CA signed and free.

1 Like

@robfallows Yes, I checked the MongoDB docs, and enabled SSL on MongoDB already. I tested my NodeJS code and verified my MongoDB SSL configuration is correct.

Now I want to connect to MongoDB using a client.pem and ca.pem from my Meteor app. I searched a little bit and found this ticket: "What MONGO_URL to connect to MongoDB Server with SSL?"

So my question is: to connect to MongoDB with SSL, what should I do on the Meteor app side? Is it sufficient to do only the following:
MONGO_URL=mongodb://user:password@ip:port/mydb?ssl=true

How do I tell Meteor where my client.pem and ca.pem are?

1 Like

Maybe. If you’re using a replica set with oplog tailing, it’s a little more complicated.

If you put these into /etc/ssl/ (or equivalent system CA store) you should be ok.

Hi @robfallows ,

I am trying to connect to a remote ssl-enabled mongo server using a replica set but couldn’t get a connection so far.

I am using:
MONGO_URL='mongodb://user:password@server:port/collection' meteor
or MONGO_URL='mongodb://user:password@server:port/collection?replicaSet=name&ssl=true' meteor

With this startup.js file (running on both client and server):

Mongo.setConnectionOptions({
  replicaSet: 'name',
  ssl: true,
  sslValidate: true,
  sslCA: Assets.getText('certificates/ca.pem')
});

Am I doing something wrong? Please let me know if you have any tips!

Thanks

Never mind, the code works, it’s just that Grapher (https://github.com/cult-of-coders/grapher) does not get the proper connection options.

For those who are interested, Mongo.setConnectionOptions() must be called in a package, before all others.
Examples: https://github.com/danwild/set-connection-options/network/members (use one of the forks to avoid import issues)

2 Likes

FYI for anyone else looking for solutions, this page helped me a lot. You can use Meteor settings to point to the TLS certificate in your Assets (private directory): https://docs.meteor.com/api/collections.html#mongo_connection_options_settings
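
An added example, not part of the thread and not Meteor's own code: a pre-flight check that turns ca.pem and a combined client.pem into the options passed to Mongo.setConnectionOptions(), keeping certificate validation on. Assumptions: client.pem holds the client certificate and its private key in one file, the helper names and asset paths are hypothetical, and the bundled MongoDB Node driver accepts the legacy `sslCert`/`sslKey` options alongside the `ssl*` options used above.

```javascript
// Added example. PEM bodies below are constructed placeholders, not real keys.
const SAMPLE_CA = '-----BEGIN CERTIFICATE-----\nQ0EtQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n';
const SAMPLE_CLIENT =
  '-----BEGIN CERTIFICATE-----\nQ0xJRU5ULUNPTlNUUlVDVEVE\n-----END CERTIFICATE-----\n' +
  '-----BEGIN PRIVATE KEY-----\nS0VZLUNPTlNUUlVDVEVE\n-----END PRIVATE KEY-----\n';

// Split a PEM string into its blocks: [{ label: 'CERTIFICATE', text: '-----BEGIN ...' }, ...]
function pemBlocks(pem) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]+?-----END \1-----/g;
  return [...pem.matchAll(re)].map((m) => ({ label: m[1], text: m[0] }));
}

// Build connection options from ca.pem and a combined client.pem (certificate + key).
// Throws instead of returning options that would fail or silently skip client auth.
function buildMongoTlsOptions(caPem, clientPem) {
  const ca = pemBlocks(caPem);
  if (ca.length === 0 || !ca.every((b) => b.label === 'CERTIFICATE')) {
    throw new Error('ca.pem must contain certificates only (no private key)');
  }
  const client = pemBlocks(clientPem);
  const certs = client.filter((b) => b.label === 'CERTIFICATE');
  const keys = client.filter((b) => b.label.endsWith('PRIVATE KEY'));
  if (certs.length === 0) throw new Error('client.pem has no certificate');
  if (keys.length !== 1) throw new Error('client.pem must hold exactly one private key');
  return {
    ssl: true,
    sslValidate: true, // the self-signed CA is trusted via sslCA, so validation stays on
    sslCA: [caPem],
    sslCert: certs.map((b) => b.text).join('\n'),
    sslKey: keys[0].text,
  };
}

// Usage inside a Meteor server package (asset paths are assumptions):
// Mongo.setConnectionOptions(buildMongoTlsOptions(
//   Assets.getText('certificates/ca.pem'),
//   Assets.getText('certificates/client.pem')));
```

Keeping the private key out of ca.pem matters because the CA file is only a trust anchor; the key belongs solely in the client material.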