Navigation

Configure TLS for BI Connector

On this page

  • Prerequisites
  • Create and Test Self-Signed Certificates

For BI Connector to transmit data securely, you should enable Transport Layer Security (TLS) encryption on your MongoDB instance, your mongosqld instance, and in your BI tool. A complete description of TLS configuration is outside the scope of this document, but this tutorial outlines the process for creating your own TLS certificates for testing purposes and starting the MongoDB components with TLS enabled.

Important

Use these procedures for testing purposes only. Your production environment should use TLS certificates that a recognized certificate authority (CA) has issued.

  • A MongoDB user with sufficient permissions to run mongosqld.
  • A mongod instance which you can start and stop.
  • A mongosqld instance which you can start and stop.
  • OpenSSL

  • The MySQL shell

    Tip
    See also:

    User Permissions for Cached Sampling

To ensure read availability for your MongoDB replica sets and sharded clusters while BI Connector enables TLS, use a rolling upgrade procedure. While the replica set primary upgrades, applications must wait until after failover and election cycle completes.

Tip
See also:

Replica Set Availability

This tutorial contains instructions on creating several files which allow a mongosqld process to accept OpenSSL encrypted connections from an SQL client, such as the MySQL shell, and make an encrypted connection with a mongod instance. We create two .pem files. Each file contains an encryption key and a self-signed TLS certificate.

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.

Give Feedback

On this page

  • Prerequisites
  • Create and Test Self-Signed Certificates