Configuring SSL Verification in Windows
If you are connecting to a MongoDB server that has Secure Sockets Layer (SSL) enabled, then you can configure the connector to connect to an SSL-enabled socket. When connecting to a server over SSL, the connector supports identity verification between the client and the server.
Configuring an SSL Connection without Identity Verification
You can configure a connection that uses SSL but does not verify the identity of the client or the server.
To configure an SSL connection without verification
- To access the SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click SSL Options.
- Select the Enable SSL check box.
- Select the Allow Self-Signed Certificates check box.
- To save your settings and close the dialog box, click OK.
Configuring One-way SSL Verification
You can configure one-way verification so that the client verifies the identity of the MongoDB server.
To configure one-way SSL verification
- To access the SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click SSL Options.
- Select the Enable SSL check box.
- Choose one:
- To verify the server using a certificate from a specific PEM file, in the Certificate Authority File field, specify the full path of the PEM file.
- Or, to verify the server using certificates stored in multiple PEM files, in the Certificate Authority Directory field, specify the full path to the directory where the PEM files are located.
- In the Certificate Revocation List File field, specify the full path of the PEM file containing the list of revoked certificates.
- To save your settings and close the dialog box, click OK.
Configuring Two-way SSL Verification
You can configure two-way SSL verification so that the client and the MongoDB server verify each other.
To configure two-way SSL verification
- To access the SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click SSL Options.
- Select the Enable SSL check box.
- In the PEM Key File field, specify the full path of the PEM file containing the certificate for verifying the client.
- If the client certificate is protected with a password, type the password in the PEM Key Password field.
- Choose one:
- To verify the server using a certificate from a specific PEM file, in the Certificate Authority File field, specify the full path of the PEM file.
- Or, to verify the server using certificates stored in multiple PEM files, in the Certificate Authority Directory field, specify the full path to the directory where the PEM files are located.
- In the Certificate Revocation List File field, specify the full path of the PEM file containing the list of revoked certificates.
- To save your settings and close the dialog box, click OK.