Using Mongo Shell to Connect to Database by SSL Authentication

Last updated: 2024-01-15 14:40:06

    Overview

    When you use Mongo Shell to connect to a database, you can enable the Secure Sockets Layer (SSL) encryption feature to improve the security of the connection. SSL encrypts the network connection at the transport layer, which protects the data in transit and ensures data integrity.

    Prerequisites

    You have created a Linux CVM instance in the same VPC and region as the TencentDB for MongoDB instance.
    You have obtained the username and password information for database instance access on the Account Management tab on the Database Management page. For detailed directions, see Account Management.
    You have obtained the private IP and port for database instance access in the Instance List. For detailed directions, see Viewing Instance Details.
    You have enabled the SSL encryption feature on the instance. For details, see Enabling SSL Authentication.

    Directions

    This document uses the Linux operating system as an example to demonstrate the specific operation process.
    1. Download the SSL CA certificate. For detailed directions, see Enabling SSL Authentication.
    2. Upload the certificate file MongoDB-CA.crt to the CVM instance with Mongo Shell installed.
    3. On the CVM instance with Mongo Shell installed, run the following command to connect to the MongoDB database.
    Note:
    For MongoDB 4.2 and later, Transport Layer Security (TLS) is used for authentication. TLS is the transport-layer security protocol and the successor to SSL. If you are not sure whether to use SSL authentication or TLS authentication, run ./mongo_ssl -h to confirm the authentication method.
    SSL Authentication
    ./bin/mongo -umongouser -plxh***** 172.xx.xx.xx:27017/admin --ssl --sslCAFile MongoDB-CA.crt --sslAllowInvalidHostnames
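    Replace the following parameters as needed.
    -u: Username for the database connection
    -p: Password of the user. If you forgot the username and password, view and modify the account and password as instructed in Account Management.
    172.xx.xx.xx:27017: IP and port of the TencentDB for MongoDB instance
    --sslCAFile: Path of the CA certificate file for SSL authentication
    --sslAllowInvalidHostnames (--tlsAllowInvalidHostnames in the TLS command): Skips the check that the hostname in the server certificate matches the address you connect to. The certificate is still validated against the CA file.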
    TLS Authentication
    ./bin/mongo -umongouser -plxh***** 172.xx.xx.xx:27017/admin --tls --tlsCAFile /data/MongoDB-CA.crt --tlsAllowInvalidHostnames
    --tlsCAFile: Path of the CA certificate file for TLS authentication
    4. After a successful connection, the following information will be displayed:
    The prompt information may vary by MongoDB shell version. The following takes v5.0.15 as an example.
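    For step 3 above, the following added example (not Tencent Cloud's code) picks the --ssl or --tls option family from the shell's help output, as the note suggests, and builds the connection arguments. The function names, the MONGO_BIN variable and the use of --help are assumptions; -p is passed last with no value so that the shell prompts for the password.

```shell
#!/bin/sh
# Added example, not Tencent Cloud's code. MONGO_BIN and all function
# names are assumptions made for this illustration.
MONGO_BIN=${MONGO_BIN:-./bin/mongo}

# Read the shell's help text on stdin and print the option family it
# documents: "tls" (preferred when present) or "ssl". Returns 1 for neither.
option_family() {
    help_text=$(cat)
    case $help_text in
        *--tlsCAFile*) echo tls ;;
        *--sslCAFile*) echo ssl ;;
        *) echo "no TLS/SSL options in help output" >&2; return 1 ;;
    esac
}

# Print the connection arguments, one per line, for FAMILY CA_FILE HOST PORT USER.
# -p comes last and carries no value, so the shell prompts for the password
# instead of exposing it in the process list and the shell history.
connection_args() {
    family=$1 ca_file=$2 host=$3 port=$4 user=$5
    case $family in
        tls|ssl) ;;
        *) echo "unknown option family: $family" >&2; return 2 ;;
    esac
    [ -r "$ca_file" ] || { echo "CA file not readable: $ca_file" >&2; return 3; }
    printf '%s\n' "$host:$port/admin" "--$family" "--${family}CAFile" "$ca_file" \
        "--${family}AllowInvalidHostnames" -u "$user" -p
}

# Probe the installed shell, then connect.
# Usage: connect /data/MongoDB-CA.crt 172.xx.xx.xx 27017 mongouser
connect() {
    family=$("$MONGO_BIN" --help 2>&1 | option_family) || return 1
    args=$(connection_args "$family" "$@") || return $?
    # Split the argument list on newlines only, with globbing disabled.
    old_ifs=$IFS
    IFS='
'
    set -f; set -- $args; set +f
    IFS=$old_ifs
    "$MONGO_BIN" "$@"
}
```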
    
