Configure TLS for BI Connector¶
For BI Connector to transmit data securely, you should enable Transport
Layer Security (TLS) encryption on your MongoDB instance, your
mongosqld instance, and in your BI tool. A complete description of
TLS configuration is outside the scope of this document, but this
tutorial outlines the process for creating your own TLS certificates
for testing purposes and starting the MongoDB components with TLS
Use these procedures for testing purposes only. Your production environment should use TLS certificates that a recognized certificate authority (CA) has issued.
- A MongoDB user with sufficient permissions to run
mongodinstance which you can start and stop.
mongosqldinstance which you can start and stop.
The MySQL shellTipSee also:
Note on Cluster Availability¶
To ensure read availability for your MongoDB replica sets and sharded clusters while BI Connector enables TLS, use a rolling upgrade procedure. While the replica set primary upgrades, applications must wait until after failover and election cycle completes.
Create and Test Self-Signed Certificates¶
This tutorial contains instructions on creating several files which
mongosqld process to accept OpenSSL encrypted connections
from an SQL client, such as the MySQL shell, and make an encrypted
connection with a
mongod instance. We create two
.pem files. Each file
contains an encryption key and a self-signed TLS certificate.