Configure SSL for BI Connector¶
For BI Connector to transmit data securely, you should enable Transport
Layer Security (TLS) encryption on your MongoDB instance, your
mongosqld instance, and in your BI tool. A complete description of
TLS configuration is outside the scope of this document, but this
tutorial outlines the process for creating your own TLS certificates
for testing purposes and starting the MongoDB components with TLS
The procedures described in this tutorial are for testing purposes only. A production environment should use SSL certificates issued by a recognized certificate authority (CA).
- A MongoDB user with sufficient permissions to run
mongosqld. For more information about user permissions and BI Connector, see User Permissions for Cached Sampling.
mongodinstance which you can start and stop.
mongosqldinstance which you can start and stop.
- The MySQL shell
Note on Cluster Availability¶
For MongoDB replica sets, including sharded replica sets, use a rolling upgrade procedure to ensure that the cluster can continue to serve read operations while the procedure is ongoing. While the replica set primary is undergoing upgrade procedures, database applications must either hold or retry write operations until after the automatic failover and election cycle completes. See Replica Set Availability for more information.
Create and Test Self-Signed Certificates¶
This tutorial contains instructions on creating several files
which allow a
mongosqld process to accept OpenSSL
encrypted connections from an SQL client, such as the MySQL shell,
and make an encrypted connection with a
We create two .pem files,
each of which consists of an encryption key and a self-signed