mongodb and SSL support

Comments

4 comments

  • Bart Oles

    Hello Ross,
    As of now, you can try to set:

    net.ssl.mode: preferSSL
    instead of
    net.ssl.mode: requireSSL

    preferSSL will allow non-SSL connections, so CC will work. However, please bear in mind it will be possible to connect without SSL from any host allowed to connect.

    Kind regards,
    Bart

  • Ross

    Hi Bart

    Thanks for the response. Unfortunately preferSSL leaves server to server replication unencrypted. According to the docs only requireSSL forces both replication and client connections. My main requirement is server to server. I was hoping there would be a way to force mongo client to default to SSL via config file (similar to mysql.cnf) but there doesn't seem to be anything.

    Any idea where the stop/start commands are defined in the product? In a bash file or in a SQL table? I can then manually hack it until supported.

    Many thanks

    Ross

  • Bart Oles

    Hi Ross, Appreciate your feedback. Strict method requireSSL is not yet supported, but developers will address that in the next releases. However, for the connections where the key is present preferSSL method will make them encrypted, so it should be able to secure them even if at this point it's not enforced for all connections. 

  • Ross

    Thanks for the follow up Bart. Any idea how far away that may be? 

    To get around the current issue I'm wondering if I can do a hack by making /usr/bin/mongo a shell script which puts in the --ssl and --SSLCAfile so it becomes transparent to ClusterControl. Any thoughts?

    Cheers

    Ross
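
A way to audit which of the `net.ssl.mode` values discussed in this thread a mongod config actually sets, and whether the listener still admits non-SSL clients. This is an added example, not code from the thread or from ClusterControl; the function names `ssl_mode` and `client_exposure`, the result labels and the sample config are constructed for illustration, and an absent key is assumed to mean SSL is off.

```shell
#!/bin/sh
# Added example: read net.ssl.mode from a mongod YAML config and classify it.

# Print the value of net.ssl.mode; prints nothing if the key is absent.
ssl_mode() {
    awk '
        /^[[:space:]]*(#|$)/ { next }               # skip comments and blank lines
        {
            line = $0
            sub(/[[:space:]]+#.*$/, "", line)        # drop a trailing comment
            body = line; sub(/^ +/, "", body)
            ind = length(line) - length(body)        # indentation marks nesting
            n = index(body, ":"); if (n == 0) next
            key = substr(body, 1, n - 1)
            val = substr(body, n + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$|"/, "", val)
            # close any sections that ended before this line
            while (depth > 0 && indents[depth] >= ind) depth--
            depth++; indents[depth] = ind; keys[depth] = key
            path = keys[1]
            for (i = 2; i <= depth; i++) path = path "." keys[i]
            if (path == "net.ssl.mode") { print val; exit }
        }
    ' "$1"
}

# Classify what the listener accepts from clients under the configured mode.
client_exposure() {
    case "$(ssl_mode "$1")" in
        requireSSL)         echo "tls-only" ;;
        preferSSL|allowSSL) echo "plaintext-accepted" ;;
        disabled|"")        echo "no-tls" ;;   # assumption: absent key means SSL is off
        *)                  echo "unknown" ;;
    esac
}

# Constructed sample config (not taken from the thread's servers).
sample=$(mktemp)
cat > "$sample" <<'EOF'
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  ssl:
    mode: preferSSL   # relaxed so unencrypted clients can connect
    PEMKeyFile: /etc/ssl/mongodb.pem
EOF
echo "net.ssl.mode=$(ssl_mode "$sample") -> $(client_exposure "$sample")"
rm -f "$sample"
```

Running it against each replica set member's config flags any node left on preferSSL once requireSSL becomes usable.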
