-
Type:
Improvement
-
Resolution: Done
-
Priority:
Major - P3
-
Affects Version/s: 2.4
-
Component/s: Documentation
The C# driver docs has an example on how to connect using SSL in http://mongodb.github.io/mongo-csharp-driver/2.4/reference/driver/ssl/. The code in the page shows:
var cert = new X509Certificate2("client.pfx", "mySuperSecretPassword"); var settings = new MongoClientSettings { SslSettings = new SslSettings { ClientCertificates = new[] { cert }, }, UseSsl = true };
However I find the code doesn't work when trying to connect to a MongoDB server with requireSSL=true.
With some help from andrew.ryder I arrived at a working code:
var cert = new X509Certificate2("client.pfx", "secret"); var settings = new MongoClientSettings { Server = new MongoServerAddress("myserver.local", 27017), SslSettings = new SslSettings { ClientCertificates = certs, ClientCertificateSelectionCallback = delegate( object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers ) { return certs[0]; }, ServerCertificateValidationCallback = delegate( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors ) { return true; } }, UseSsl = true, };
There seems to be a series of requirements that are not explicit. In light of our push toward a more secure MongoDB deployment, in my opinion the SSL example should be explained more with a working code.