Mongodb Classroom image

Anil  Bist / Professional / DataBase

To post your Question Join Classroom
Lesson Topics's No:-  |1 | 2 | 3|Last
Lessons:-How to configure a ReplicaSet to support TLS/SSL?

How to configure a ReplicaSet to support TLS/SSL?

Create the Root Certificate

The Root Certificate (aka CA File) will be used to sign and identify your certificate. To generate it, run the command below.

openssl  req  -nodes  -out  ca.pem  -new  -x509  -keyout  ca.key


Keep the root certificate and its key carefully, both will be used to sign your certificates. The root certificate might be used by your client as well. 

Generate the Certificate Requests and the Private Keys

When generating the Certificate Signing Request (aka CSR), input the exact hostname (or IP) of your node in the Common Name (aka CN) field. The others fields must have exactly the same value. You might need to modify your /etc/hosts file.

The commands below will generate the CSR files and the RSA Private Keys (4096 bits).


You must generate one CSR for each node of your ReplicaSet. Remember that the Common Name is not the same from one node to another. Don't base multiple CSRs on the same Private Key.

You must now have 3 CSRs and 3 Private Keys.


Sign your Certificate Requests

Use the CA File (ca.pem) and its Private Key (ca.key) generated previously to sign each Certificate Request by running the commands below.

Anil  Bist

Skills    Mongodb

Qualifications :- High School - SLV, College/University - Graphic Era Deemed Univ University,
Location :-Dehradun,Dehradun,Uttarakhand,India

in 2006, i Join a web development company in Bangalore and start work on "Ruby on Rail" this is my first web development framework and we worked in this framework and develop four to five project after some time , I moved to JEE/Sturst frame work,

After some time i decided that now times come and I have to go on in my own way and I started a company name is "Soarlogic&q


  Students (0)