MongoDB uses two types of x509 certificates for authentication and encrypting connections between processes:
•member certificates
•user certificates
You supply member certificates to the mongod and mongos processes, which use them for authentication among processes. You supply a user certificate to the mongo process. See Authentication with X.509 Certificates to see the how to supply certificates to the MongoDB processes.
The procedures for setting up member and user certificates are similar. But, since there are a few differences, the procedures are presented separately.
•To create a certificate, you need the private key and certificate for the CA, created when setting up a certificate authority.
•These procedures assume you are working in the directory where you set up your CA.
To create a member certificate using your CA, perform these steps:
1.Create a certificate request for a member certificate.
2.Create a member certificate from the certificate request.
To create a user certificate using your CA, perform these steps.
1.Create a certificate request for a user certificate.
2.Create a user certificate from the certificate request.
•Setting Up a Certificate Authority