-
Type: Question
-
Resolution: Done
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
Server Triage
---- x509 certs creation steps for the server
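# Create every key and PEM bundle below readable by the current user only;
# with the default umask the unencrypted private keys would be world-readable.
umask 077

# CA private key, passphrase-protected (-aes256 prompts for the passphrase).
# Sized to match the 4096-bit leaf keys: the chain is only as strong as the
# key that signs it.
openssl genrsa -out mongoCA.key -aes256 4096
dn_prefix="/C=US/ST=MO/L=Monett/O=JHA/OU=EPLOG_MGDB_REPL_QADEV/CN=MONGODBREPLCA"
# Self-signed CA certificate, valid for 3650 days.
openssl req -new -x509 -days 3650 -key mongoCA.key -out mongoCA.crt -subj "$dn_prefix"

# Replica-set member key and CSR. -nodes leaves the key unencrypted so mongod
# can start unattended; file permissions are then its only protection.
SUBJECT="/C=US/ST=MO/L=Monett/O=JHA/OU=EPLOG_MGDB_REPL_QADEV/CN=10.228.72.177"
openssl req -new -nodes -newkey rsa:4096 -subj "$SUBJECT" -keyout azapppmgcdb01t.key -out azapppmgcdb01t.csr

# Extensions for the member certificate. `openssl x509 -req` copies none from
# the CSR, so without an extension file the certificate has no SAN, and the
# address would be matched against the CN only, which some TLS clients no
# longer accept. The same PEM is used as certificateKeyFile and clusterFile,
# so it needs both serverAuth and clientAuth.
cat > azapppmgcdb01t.ext <<'EOF'
subjectAltName = IP:10.228.72.177
extendedKeyUsage = serverAuth, clientAuth
EOF

# A leaf must not outlive its issuer: the original 36500 days ran far past the
# CA's 3650. Keep this value below the CA lifetime and plan for rotation.
leaf_days=365
openssl x509 -req -CA mongoCA.crt -CAkey mongoCA.key -CAcreateserial -days "$leaf_days" -extfile azapppmgcdb01t.ext -in azapppmgcdb01t.csr -out azapppmgcdb01t.crt

# Certificate + private key bundle in the layout mongod expects.
cat azapppmgcdb01t.crt azapppmgcdb01t.key > azapppmgcdb01t.pem
vi /mg_data/mdb-4.2/test/conf/mongod.conf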
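# TLS and internal-authentication settings for mongod.conf.
# Nesting restored: mode/certificateKeyFile/CAFile/clusterFile belong under
# net.tls, and clusterAuthMode under security.
net:
  tls:
    # preferTLS still accepts unencrypted incoming connections; it is meant as
    # a transitional setting. requireTLS is the mode that rejects plaintext.
    mode: preferTLS
    # PEM holding the certificate and its unencrypted private key; it should
    # be readable only by the account that runs mongod.
    certificateKeyFile: /mg_data/mdb-4.2/test/conf/auth/certs/azapppmgcdb01t.pem
    # CA certificate used to validate certificates presented by peers.
    CAFile: /mg_data/mdb-4.2/test/conf/auth/certs/mongoCA.crt
    # Certificate this member presents to other replica-set members.
    clusterFile: /mg_data/mdb-4.2/test/conf/auth/certs/azapppmgcdb01t.pem
security:
  # Members authenticate to each other with x509 certificates. A certificate
  # from this CA whose O/OU/DC match the member certificates is treated as a
  # cluster member, so access to the CA key decides who can join.
  clusterAuthMode: x509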
-------- x509 certs creation steps for the client
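# Create the client key and PEM bundle readable by the current user only;
# with the default umask the unencrypted private key would be world-readable.
umask 077

# Client subject. Its O and OU differ from the server subject shown earlier on
# this page (O=JHA, OU=EPLOG_MGDB_REPL_QADEV); MongoDB needs a difference in at
# least one of O/OU/DC, otherwise the client would be treated as a cluster
# member rather than as a user.
SUBJECT="/C=US/ST=CA/L=San Francisco/O=Star One Credit Union/OU=EPLOG_MGDB_CLIENT_QADEV/emailAddress=rtk@jhaaa.com/CN=rtk"
# -nodes leaves the client key unencrypted; file permissions are its only
# protection.
openssl req -new -nodes -newkey rsa:4096 -keyout client_rtk.key -out client_rtk.csr -subj "$SUBJECT"

# Limit the certificate to TLS client authentication. `openssl x509 -req`
# copies no extensions from the CSR, so they are supplied here.
cat > client_rtk.ext <<'EOF'
extendedKeyUsage = clientAuth
EOF

# A leaf must not outlive its issuer: the original 36500 days ran far past the
# 3650-day CA certificate created earlier on this page. Keep this value below
# the CA lifetime and plan for rotation.
leaf_days=365
openssl x509 -req -CA mongoCA.crt -CAkey mongoCA.key -CAcreateserial -days "$leaf_days" -extfile client_rtk.ext -in client_rtk.csr -out client_rtk.crt

# Certificate + private key bundle for the client.
cat client_rtk.crt client_rtk.key > client_rtk.pem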