Created
May 3, 2016 16:56
-
-
Save rlindooren/d248247463da74ba8688225ac6ed1e52 to your computer and use it in GitHub Desktop.
Java & MongoDB on Mac OS X: Enable SSL connections with a self signed certificate and allowing clients to connect without a client certificate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install MongoDB with SSL support (using brew, because the download from the mongodb website is build without SSL support) | |
| brew install mongodb --with-openssl | |
| # Create a certificate | |
| cd /usr/local/etc/openssl/certs/ | |
| openssl req -newkey rsa:2048 -new -x509 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key | |
| cat mongodb-cert.key mongodb-cert.crt > mongodb.pem | |
| # Make a backup of the Java truststore (just in case) | |
| sudo cp $JAVA_HOME/jre/lib/security/cacerts $JAVA_HOME/jre/lib/security/cacerts.original | |
| # Trust the created certificate (default password for the truststore is 'changeit') | |
| # Note: when installing a new JVM version you will have to do this again (since it comes with a new truststore)! | |
| sudo keytool -import -alias localhost -keystore $JAVA_HOME/jre/lib/security/cacerts -file /usr/local/etc/openssl/certs/mongodb-cert.crt | |
| # Start MongoDB allowing SSL (but not requiring it) with the certificate we created (also allowing clients to not provide a client certificate) | |
| mongod --sslMode allowSSL -sslPEMKeyFile /usr/local/etc/openssl/certs/mongodb.pem --sslAllowInvalidCertificates |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment