CNs are important!!! -days 3650
openssl req -newkey rsa:2048 -new -x509 -days 3650 -nodes -subj '/C=US/ST=Massachusetts/L=Bedford/O=Personal/OU=Personal/[email protected]/CN=localhost' -out mongodb-cert.crt -keyout mongodb-cert.key
cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
cp mongodb-cert.crt mongodb-ca.crt
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
  ssl:
    # allowSSL accepts both TLS and non-TLS connections; requireSSL accepts TLS only
    mode: allowSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
    CAFile: /etc/ssl/mongodb-cert.crt
sudo mongod --config /etc/mongod.conf
sudo service mongod restart
mongo --ssl --sslAllowInvalidHostnames --sslCAFile mongodb-ca.crt --sslPEMKeyFile /etc/ssl/mongodb.pem
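const fs = require('fs');

// TLS options for the Node.js MongoDB connection (the variable name is illustrative)
const options = {
  ssl: true,
  sslValidate: true,
  sslKey: fs.readFileSync('/etc/ssl/mongodb.pem'),
  sslCert: fs.readFileSync('/etc/ssl/mongodb-cert.crt'),
  sslCA: fs.readFileSync('/etc/ssl/mongodb-ca.crt')
};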
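A pre-flight check for the files produced by the commands above, added here as an example and not part of the original notes: it confirms that the key in mongodb.pem belongs to the certificate, that the certificate verifies against the CA file, and that the CN covers the hostname clients will dial, which is the check `--sslAllowInvalidHostnames` switches off. It assumes the `openssl` CLI is on the PATH; the function names, the temporary directory and the test hostnames are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the PEM/CA files before pointing mongod at them.

# Throwaway pair built like the page's command. $1 = dir, $2 = CN (constructed values).
make_cert() {
  openssl req -newkey rsa:2048 -new -x509 -days 1 -nodes -subj "/O=Example/CN=$2" \
    -out "$1/mongodb-cert.crt" -keyout "$1/mongodb-cert.key" 2>/dev/null &&
  cat "$1/mongodb-cert.key" "$1/mongodb-cert.crt" > "$1/mongodb.pem" &&
  cp "$1/mongodb-cert.crt" "$1/mongodb-ca.crt"
}

# Print the certificate's CN. $1 = certificate or combined PEM.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# True if the private key in $1 belongs to the certificate in $2.
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the certificate in $2 verifies against the CA file $1.
chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True if hostname $2 is valid for the certificate in $1.
host_ok() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Run every check for the files in dir $1 against the name clients will dial ($2).
preflight() {
  key_matches_cert "$1/mongodb.pem" "$1/mongodb.pem" || { echo "key/cert mismatch"; return 1; }
  chains_to_ca "$1/mongodb-ca.crt" "$1/mongodb.pem" || { echo "not signed by CA file"; return 1; }
  host_ok "$1/mongodb.pem" "$2" ||
    { echo "CN '$(cert_cn "$1/mongodb.pem")' does not cover $2"; return 1; }
  echo "ok: $2"
}

demo=$(mktemp -d)
make_cert "$demo" localhost
preflight "$demo" localhost                    # passes
preflight "$demo" db.example.internal || true  # fails: name not in the certificate
rm -rf "$demo"
```

To check real files, run `preflight /etc/ssl localhost` as a user that can read the key.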
This was a lifesaver for me. Too many variables meant I couldn't get this to work even in a basic way.