MongoDB Notes
To create the certificate from the certificate request, perform this procedure.
Prerequisites
1.The certificate request testreq.csr is located in C:\ca.
2.The OPENSSL_CONF environmental variable points to the configuration file ca.cfg of the certificate authority.
3.The HOME environmental variable is set according to the previous section.
Procedure
1.Open a command window or access the command window used in the previous section.
2.If not already in directory C:\ca, change to that directory.
3.Perform this command:
openssl x509 -req -in testreq.csr -CA ca.pem -CAkey private\cakey.pem -CAcreateserial -out testcert.crt
The command will prompt you for the pass phrase for you CA's private key, not the pass phrase supplied to the certificate request. The command will create a certificate with a name testcert.crt.
4.View the certificate with this command:
openssl x509 -in testcert.crt -text -noout | more
5.To use the certificate in MongoDB, the private key generated in the previous section must be combined with the certificate create in this section. You concatenate the files with this command:
type testkey.key testcert.crt > client.pem
The process generates the file client.pem which can be used with the mongo. See Authentication with X.509 Certificates for the format of the mongo command when using the user certificate.
Related Information
