Jasinski Technical Wiki

Navigation

Home Page
Index
All Pages

Quick Search
»
Advanced Search »

Contributor Links

Create a new Page
Administration
File Management
Login/Logout
Your Profile

Other Wiki Sections

Software

PoweredBy

Page History: Configuring Encryption in Transit - Mongo DB

Compare Page Revisions



« Older Revision - Back to Page History - Newer Revision »


Page Revision: Thu, Jul 14, 2016, 12:40 PM


Overview

This article provides the steps to take to configure encryption in transit for Mongo DB.

Assumptions

  • The client machines are assumed to be web servers.
  • The Mongo DB instances are assumed to be running on Linux server(s).
  • All servers are running as EC2 server instances under Amazon Web Services.

Procedure

Create the Root Certificate Authority Certificate

This part of the procedure should be done on a PROTECTED machine -- i.e., NOT the Mongo DB or web server.

1. Generate an RSA key pair

openssl genrsa -out MyRootCA.key 2048

2. Generate the Root CA Certificate

openssl req -x509 -new -key MyRootCA.key -days 365 -out MyRootCA.crt

3. Concatenate the CRT and KEY files into a PEM file

Windows
type MyRootCA.crt MyRootCA.key > MyRootCA.pem

Linux
cat MyRootCA.crt MyRootCA.key > MyRootCA.pem

Generate SSL Certificate for Each Server

This part of the procedure should be done on a PROTECTED machine for each Mongo DB server, as well as each web server.



Install Certificate Files on Mongo DB Servers

1. Upload files to each Mongo DB server to a /tmp folder

  • MyRootCA.crt
  • MyMongoServer.com.pem

2. Move the files to the proper folder

cd /etc/ssl
mv MyRootCA.crt .
. . .

3. Adjust security on uploaded files

chown root:root MyRootCA.crt

=Install Certificate Files on Web Servers





ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2024, Patrick Jasinski.