Navigation

Configure MongoDB Agent to Use TLS

On this page

Prerequisite

To configure the MongoDB Agent to use TLS, you must have the trusted Certificate Authority certificate that signed the MongoDB instance’s certificate.

Procedures

Configure Connections between MongoDB Agent and MongoDB Instances

To use TLS for the MongoDB Agent’s connection to a MongoDB deployment, specify the deployment’s TLS settings when adding the deployment or editing the deployment’s settings.

Note

Cloud Manager can manage TLS for you if you are using Automation for the deployment. With Automation, Cloud Manager prompts you for the certificates to use to connect to the deployment when you enable TLS and then configures the agents appropriately. To learn how to configure TLS, see Enable TLS for a Deployment.

1

Specify the absolute file path to your trusted CA certificate in the MongoDB Agent config file.

If you enabled TLS for your Cloud Manager deployment, then you must configure the MongoDB Agent to use TLS. To configure the MongoDB Agent to use TLS, you must have the trusted Certificate Authority certificate that signed the MongoDB instance’s certificate.

In the MongoDB Agent’s install directory, edit the configuration file to set sslTrustedMMSServerCertificate field to the path of a file containing one or more certificates in PEM format.

The location of the MongoDB Agent configuration file is C:\MMSData\Automation\automation-agent.config.

Note

The MongoDB Agent configuration file is named automation-agent.config as a way to enable easier upgrades for those using legacy agents.

The location of the MongoDB Agent configuration file is /path/to/install/local.config.

The location of the MongoDB Agent configuration file is /path/to/install/local.config.

The location of the MongoDB Agent configuration file is /etc/mongodb-mms/automation-agent.config.

Note

The MongoDB Agent configuration file is named automation-agent.config as a way to enable easier upgrades for those using legacy agents.

The location of the MongoDB Agent configuration file is /etc/mongodb-mms/automation-agent.config.

Note

The MongoDB Agent configuration file is named automation-agent.config as a way to enable easier upgrades for those using legacy agents.

Example

Use the following command to connect through the mongo shell:

mongo --ssl --sslCAFile /etc/ssl/ca.pem example.net:27017

Then, modify the configuration file and set the following key/value pair:

sslTrustedMMSServerCertificate=/etc/ssl/ca.pem

Save the configuration file.

To learn more about these settings, see Cloud Manager TLS Settings.

2

Restart the Agent.

Configure Connections between MongoDB Agent and Cloud Manager

The MongoDB Agent uses TLS to connect to Cloud Manager without your intervention.