
MongoDB Notes


Create a Certificate Request for a Member Certificate


 

1. Open a command window.

2. Change directories to C:\ca.

3. Set the HOME environmental variable with this command:

 

SET HOME=C:\MinGW\msys\1.0

 

4. Create a configuration file for the request like the one below. Name it request_member.cfg.

5. Modify the configuration file with the desired values of the distinguished name.

6. Run this OpenSSL command, referencing the configuration file. The command will prompt you for the fields. You can accept the default values by pressing the Enter key.

 

openssl req -nodes -newkey rsa:2048 -keyout testkey.key -config request_member.cfg -out testreq.csr

 

Note: The -nodes (no DES) option must be used. Otherwise, the openssl command prompts for a password and encrypts the private key. Encrypting the private key will cause mongod to fail.

 

7. View the request with this command:

 

openssl req -in testreq.csr -text -noout | more

 

The process produces two files:

testkey.key, which is the private key for the user.

testreq.csr, which is the certificate request needed for the next step.

 

Example Configuration File for Member Certificate Request

 

###############################################################################

# Member Certificate Request Configuration File

 

[ req ]

default_bits            = 2048                  # RSA key size

encrypt_key             = yes                   # Protect private key (overridden by -nodes on the command line)

default_md              = sha1                  # MD to use

utf8                    = yes                   # Input is UTF-8

string_mask             = utf8only              # Emit UTF-8 strings

prompt                  = yes                   # Prompt for DN

distinguished_name      = codesign_dn           # DN template

req_extensions          = codesign_reqext       # Desired request extensions

 

[ codesign_dn ]

commonName              = "Common Name         (eg, server name )"

commonName_max          = 64

organizationalUnitName  = "Organizational Unit Name (eg, section)"

organizationalUnitName_default = MongoDBServer

organizationName        = "Organization Name        (eg, company)"

organizationName_default = Waysys LLC

stateOrProvinceName     = "State Name                (eg, region)"

stateOrProvinceName_default = North Carolina

countryName             = "Country Name (2 letters)      (eg, US)"

countryName_max         = 2

countryName_default     = US

1.domainComponent       = "Second domain component (eg. waysysweb)"

1.domainComponent_default = waysysweb

0.domainComponent       = "First domain component       (eg. com)"

0.domainComponent_default = com

 

 

[ codesign_reqext ]

keyUsage                = digitalSignature

extendedKeyUsage        = clientAuth

subjectAltName          = @alt_names

 

[ alt_names ]

DNS.1                   = database.m310.mongodb.university

IP.1                    = 127.0.0.1

DNS.2                   = localhost

 

Issues

 

If the HOME environmental variable is not set, OpenSSL will issue an error:

 

unable to write 'random state'

 

Piping the output from the OpenSSL command to more produces an output that is more readable than the raw output from the OpenSSL command.
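
As an added example (not part of the original notes), the Python code below reviews a request configuration together with the openssl req command line for the problem the note on -nodes describes, a private key that ends up passphrase-protected, and also flags RSA keys shorter than 2048 bits and MD5/SHA-1 digests. The function names and the sample configuration are constructed for illustration; -noenc is the OpenSSL 3 spelling of -nodes.

```python
import re

# Markers of a passphrase-protected PEM key (PKCS#8 encrypted form, legacy form).
ENCRYPTED_MARKERS = ("-----BEGIN ENCRYPTED PRIVATE KEY-----", "Proc-Type: 4,ENCRYPTED")

def key_is_encrypted(pem_text):
    """True if the key file would need a passphrase before it can be loaded."""
    return any(marker in pem_text for marker in ENCRYPTED_MARKERS)

def parse_openssl_cfg(text):
    """Parse the subset of OpenSSL config syntax used here: [ section ], key = value, # comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def review_request(cfg_text, command_line):
    """Return findings for a request config plus the `openssl req` command run against it."""
    req = parse_openssl_cfg(cfg_text).get("req", {})
    args = command_line.split()
    findings = []
    # openssl req encrypts a new key unless -nodes/-noenc is given or encrypt_key = no.
    if not {"-nodes", "-noenc"} & set(args) and req.get("encrypt_key", "yes").lower() != "no":
        findings.append("key will be encrypted")
    # -newkey rsa:N on the command line overrides default_bits.
    newkey = re.search(r"\brsa:(\d+)\b", command_line)
    bits = newkey.group(1) if newkey else req.get("default_bits")
    if bits and int(bits) < 2048:
        findings.append("RSA key shorter than 2048 bits")
    if req.get("default_md", "").lower() in ("md5", "sha1"):
        findings.append("weak digest: " + req["default_md"])
    return findings

# Constructed sample input modelled on the [ req ] section of request_member.cfg.
SAMPLE_CFG = """
[ req ]
default_bits = 2048   # RSA key size
encrypt_key  = yes    # Protect private key
default_md   = sha1   # MD to use
"""
print(review_request(SAMPLE_CFG, "openssl req -nodes -newkey rsa:2048 -keyout testkey.key"))
```

Run key_is_encrypted over the text of testkey.key after step 6 to confirm the file mongod will load is not passphrase-protected.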