@kevinadi
Last active March 24, 2025 10:32
Revisions

  1. kevinadi revised this gist Sep 10, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion mongodb-ssl.sh
    @@ -30,7 +30,7 @@ cat client.key client.crt > client.pem

    # Start mongod with SSL
    # mkdir -p data/db
    # mongod --sslMode requireSSL --sslPEMKeyFile cert.pem --sslCAFile ca.crt --dbpath data/db --logpath data/mongod.log --fork
    # mongod --sslMode requireSSL --sslPEMKeyFile server.pem --sslCAFile ca.crt --dbpath data/db --logpath data/mongod.log --fork

    # Connect to mongod with SSL
    # mongo --ssl --sslCAFile ca.crt --sslPEMKeyFile client.pem --host `hostname -f`
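
    Review bot: the corrected mongod line and the mongo line below it still use the --ssl* option names (--sslMode requireSSL, --sslPEMKeyFile, --sslCAFile, --ssl), which MongoDB 4.2 deprecated in favour of --tlsMode requireTLS, --tlsCertificateKeyFile, --tlsCAFile and --tls. Since the mongod line is being touched anyway, consider giving the TLS spelling as well, or stating in the comment which server versions these commands target.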
  2. kevinadi created this gist Feb 24, 2017.
    36 changes: 36 additions & 0 deletions mongodb-ssl.sh
    @@ -0,0 +1,36 @@
    #!/bin/sh

    # Generate self signed root CA cert
    openssl req -nodes -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/C=AU/ST=NSW/L=Sydney/O=MongoDB/OU=root/CN=`hostname -f`/[email protected]"


    # Generate server cert to be signed
    openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=AU/ST=NSW/L=Sydney/O=MongoDB/OU=server/CN=`hostname -f`/[email protected]"

    # Sign the server cert
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

    # Create server PEM file
    cat server.key server.crt > server.pem


    # Generate client cert to be signed
    openssl req -nodes -newkey rsa:2048 -keyout client.key -out client.csr -subj "/C=AU/ST=NSW/L=Sydney/O=MongoDB/OU=client/CN=`hostname -f`/[email protected]"

    # Sign the client cert
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAserial ca.srl -out client.crt

    # Create client PEM file
    cat client.key client.crt > client.pem


    # Create clientPFX file (for Java, C#, etc)
    # openssl pkcs12 -inkey client.key -in client.crt -export -out client.pfx


    # Start mongod with SSL
    # mkdir -p data/db
    # mongod --sslMode requireSSL --sslPEMKeyFile cert.pem --sslCAFile ca.crt --dbpath data/db --logpath data/mongod.log --fork

    # Connect to mongod with SSL
    # mongo --ssl --sslCAFile ca.crt --sslPEMKeyFile client.pem --host `hostname -f`
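
    Review bot: none of the three certificate commands (openssl req -x509 for the CA, and both openssl x509 -req signing steps) passes -days, so the CA, server and client certificates all get OpenSSL's default 30-day validity and TLS connections start failing validation a month after the script runs; add an explicit -days to each. The hostname is also carried only in the subject CN, with no subjectAltName, which clients that ignore CN for hostname verification will reject; signing with an extension file that sets subjectAltName would cover that. The commented mongod line passes --sslPEMKeyFile cert.pem, but the script writes server.pem. Finally, -nodes leaves ca.key unencrypted in the working directory, so it should get restrictive permissions or be moved off the host once signing is done.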