Navigation

Configure Automation Agent for SSL

On this page

Cloud Manager supports SSL for encrypting the following connections made by Automation Agents:

  • Connections between the Automation Agents and MongoDB instances.
  • Connections between the Automation Agents and Cloud Manager.

Prerequisite

To configure the agent to use SSL, you must have a trusted CA certificate that signed the MongoDB instance’s certificate.

Procedures

Connections between Agent and MongoDB Instances

To use SSL for the Automation Agent’s connection to a MongoDB host, specify the host’s SSL settings when adding the host or by editing the host’s settings.

Note

Cloud Manager can manage TLS/SSL for you if you are using Automation for the deployment. With Automation, Cloud Manager prompts you for the certificates to use to connect to the deployment when you enable TLS/SSL and then configures the agents appropriately. To learn how to configure TLS/SSL, see Enable SSL for a Deployment.

1

Specify path to trusted CA certificate.

If your Ops Manager deployment uses TLS/SSL, then you must configure the Automation Agent to use TLS/SSL. To configure the agent to use TLS/SSL, you must have a trusted Certificate Authority certificate that signed the MongoDB instance’s certificate.

In the agent’s install directory, edit the configuration file to set sslTrustedMMSServerCertificate field to the path of a file containing one or more certificates in PEM format.

Platform Installation Method Default Config File Path
RHEL, CentOS, Amazon Linux and Ubuntu package manager /etc/mongodb-mms/automation-agent.config
macOS or other Linux distributions tar /path/to/install/local.config
Windows msi C:\MMSData\Automation\automation-agent.config

Example

If you would use the following command to connect through the mongo shell:

mongo --ssl --sslCAFile /etc/ssl/ca.pem example.net:27017

Then you would modify the configuration file, setting this key/value pair:

sslTrustedMMSServerCertificate=/etc/ssl/ca.pem

To learn more about these settings, see Cloud Manager SSL Settings.

2

Restart the agent.

Connections between Agent and Cloud Manager

Automation Agents connect to Cloud Manager using TLS/SSL.