Configuring SSL Verification

If you are connecting to a MongoDB server that has Secure Sockets Layer (SSL) enabled, then you can configure the connector to connect to an SSL-enabled socket. When connecting to a server over SSL, the connector supports identity verification between the client and the server.

For detailed information about the options on this page, see SSL Driver Configuration Options on page 1.

Configuring an SSL Connection without Identity Verification

You can configure a connection that uses SSL but does not verify the identity of the client or the server.

To configure an SSL connection without verification:

1. To access the SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click SSL Options.
2. Select the Enable SSL check box.
3. Select the Allow Self-Signed Certificates check box.
4. To save your settings and close the dialog box, click OK.

Configuring One-way SSL Verification

You can configure one-way verification so that the client verifies the identity of the MongoDB server.

To configure one-way SSL verification:

1. To access the SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click SSL Options.
2. Select the Enable SSL check box.
3. Choose one:
• To verify the server using a certificate from a specific PEM file, in the Certificate Authority File field, specify the full path of the PEM file.
• Or, to verify the server using certificates stored in multiple PEM files, in the Certificate Authority Directory field, specify the full path to the directory where the PEM files are located.
4. In the Certificate Revocation List File field, specify the full path of the PEM file containing the list of revoked certificates.
5. To save your settings and close the dialog box, click OK.

Configuring Two-way SSL Verification

You can configure two-way SSL verification so that the client and the MongoDB server verify each other.

To configure two-way SSL verification:

1. To access the SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click SSL Options.
2. Select the Enable SSL check box.
3. In the PEM Key File field, specify the full path of the PEM file containing the certificate for verifying the client.
4. If the client certificate is protected with a password, type the password in the PEM Key Password field.
5. Choose one:
• To verify the server using a certificate from a specific PEM file, in the Certificate Authority File field, specify the full path of the PEM file.
• Or, to verify the server using certificates stored in multiple PEM files, in the Certificate Authority Directory field, specify the full path to the directory where the PEM files are located.
6. In the Certificate Revocation List File field, specify the full path of the PEM file containing the list of revoked certificates.
7. To save your settings and close the dialog box, click OK.

Related topics

• Enable SSL
• sslAllow Self-Signed InvalidCertificates
• sslPEM Key File
• sslPEM Key Password
• sslCertificate Authority File
• sslCertificate Authority Directory
• sslCertificate Revocation List File
• Creating a Data Source Name
• Driver Configuration Options on page 1