Jasinski Technical Wiki

Page History: Configuring Encryption in Transit - Mongo DB

Page Revision: Thu, Jul 14, 2016, 1:13 PM


Overview

This article describes the steps for configuring encryption in transit for Mongo DB.

Assumptions

  • The client machines are assumed to be web servers.
  • The Mongo DB instances are assumed to be running on Linux server(s).
  • All servers are running as EC2 server instances under Amazon Web Services.

Procedure

Create the Root Certificate Authority Certificate

This part of the procedure should be done on a PROTECTED machine -- i.e., NOT on a Mongo DB server or web server.

1. Create a folder to hold the Root CA Files

mkdir MyRootCA

2. Generate an RSA key pair

openssl genrsa -out MyRootCA.key 2048

3. Generate the Root CA Certificate

openssl req -x509 -new -key MyRootCA.key -days 365 -out MyRootCA.crt

4. Concatenate the CRT and KEY files into a PEM file

Windows
type MyRootCA.crt MyRootCA.key > MyRootCA.pem

Linux
cat MyRootCA.crt MyRootCA.key > MyRootCA.pem

Generate SSL Certificate for Each Server

This part of the procedure should be done on a PROTECTED machine on behalf of each Mongo DB server, as well as each web server.

1. Create a folder for each server's files.

mkdir PublicDnsOfServer

2. Set HOSTNAME environment variable

Windows
SET HOSTNAME=PublicDnsOfServer

Linux
HOSTNAME='PublicDnsOfServer'
export HOSTNAME

Notice

All the commands for the rest of this part of the procedure are the versions for Windows. The equivalent Linux command is found by replacing %HOSTNAME% with $HOSTNAME.


3. Generate Key Pair for the Server

openssl genrsa -out %HOSTNAME%.key 2048

Install Certificate Files on Mongo DB Servers

1. Upload the following files to the /tmp folder on each Mongo DB server

  • MyRootCA.crt
  • MyMongoServer.com.pem

2. Move the files to the proper folder

cd /etc/ssl
mv /tmp/MyRootCA.crt .
. . .

3. Adjust security on uploaded files

chown root:root MyRootCA.crt
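
Before a server PEM such as MyMongoServer.com.pem is uploaded, it can be checked against the root CA certificate: does it chain to MyRootCA.crt, does the private key in the PEM belong to the certificate, and does the certificate name the host that clients connect to. The script below is an added example, not part of the original page; the host name mongo1.example.internal, the CSR and signing commands in make_sample, and the function names are assumptions, and all key material it creates is constructed test data.

```shell
#!/bin/sh
# Added example, not from the original page. make_sample writes constructed
# test data only; its CSR/signing commands and the host name are assumptions.

# make_sample DIR HOST: throwaway root CA plus a server PEM (cert + key) for HOST.
make_sample() {
  dir=$1; host=$2
  mkdir -p "$dir" || return 1
  openssl genrsa -out "$dir/MyRootCA.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$dir/MyRootCA.key" -days 365 \
    -subj "/CN=MyRootCA" -out "$dir/MyRootCA.crt"
  openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null
  openssl req -new -key "$dir/$host.key" -subj "/CN=$host" -out "$dir/$host.csr"
  openssl x509 -req -in "$dir/$host.csr" -CA "$dir/MyRootCA.crt" \
    -CAkey "$dir/MyRootCA.key" -CAcreateserial -days 365 \
    -out "$dir/$host.crt" 2>/dev/null
  cat "$dir/$host.crt" "$dir/$host.key" > "$dir/$host.pem"
}

# check_server_pem CA_CRT SERVER_PEM HOST
# Prints "ok" or the name of the first failed check; returns 0 only on "ok".
check_server_pem() {
  ca=$1; pem=$2; host=$3
  # 1. The certificate must chain to the root CA that the peers will trust.
  openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 \
    || { echo "untrusted-chain"; return 1; }
  # 2. The private key in the PEM must belong to that certificate.
  cert_pub=$(openssl x509 -in "$pem" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }
  # 3. The certificate must name the host that clients connect to.
  openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q "does match" \
    || { echo "hostname-mismatch"; return 1; }
  echo "ok"
}

# Demo on constructed data in a temporary folder; prints "ok".
tmp=$(mktemp -d)
make_sample "$tmp" mongo1.example.internal
check_server_pem "$tmp/MyRootCA.crt" "$tmp/mongo1.example.internal.pem" \
  mongo1.example.internal
rm -rf "$tmp"
```

Against real files, only check_server_pem is needed, called with MyRootCA.crt, the server's PEM file and the server's public DNS name.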

Install Certificate Files on Web Servers





ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2024, Patrick Jasinski.