Navigation
This documentation refers to the on premises version of MongoDB Charts. For documentation on the MongoDB Charts SaaS application in Atlas, click here.

Configure TLS/SSL for Data Sources

MongoDB Charts can connect to MongoDB deployments running with or without TLS/SSL enabled. If the deployment is running with TLS/SSL enabled, configuring your data source depends on whether the certificate is:

  • signed by a trusted root certificate authority, or
  • self-signed or issued by an internal certificate authority.

Note

MongoDB deployments should use TLS/SSL 1.1 or later.

Certificate Signed by a Trusted Root CA

To connect Charts to a MongoDB deployment using a certificate signed by a trusted root certificate authority, add a data source and append the ssl=true option to the Connection String URI:

mongodb://[username:password@]<server>:<port>/<database>?ssl=true

Note

No additional configuration is required when using a certificate signed by a trusted root certificate authority.

Self-Signed Certificate or Certificate Issued by an Internal CA

To connect Charts to a MongoDB deployment using a self-signed certificate or a certificate issued by an internal certificate authority, you must copy the certificate to the Docker volume. The following steps copy the certificate to the Docker volume, redeploy the Charts application, and add a new data source configured to use TLS/SSL:

1

Copy the certificates to the Charts Docker volume.

The certificate must be in the .pem format and will be either:

  • the self-signed certificate used by the MongoDB deployment, or
  • the CA’s root certificate, if the certificate used by the MongoDB deployment was issued by a CA.

The following command copies certificates in the C:\path\to\certs directory to the Charts host:

docker run -it -v mongodb-charts_db-certs:/volume -v /c/path/to/certs:/localcerts alpine sh -c 'cp /localcerts/*.pem /volume'

Note

This Docker command uses Unix-style paths on Windows.

The following command copies certificates in the /path/to/certs directory to the Charts host:

docker run -it -v mongodb-charts_db-certs:/volume -v /path/to/certs:/localcerts alpine sh -c 'cp /localcerts/*.pem /volume'

The following command copies certificates in the /path/to/certs directory to the Charts host:

docker run -it -v mongodb-charts_db-certs:/volume -v /path/to/certs:/localcerts alpine sh -c 'cp /localcerts/*.pem /volume'
2

Redeploy the Charts Docker stack.

docker stack rm mongodb-charts

Before redeploying, execute docker ps a few times until it shows no running Charts containers. It can take a little while for the containers to shut down. Then, relaunch the stack using:

docker stack deploy -c charts-docker-compose-v0.10.0.yml mongodb-charts

Note

If you are using a different version of Charts, replace v0.10.0 with the version number of your release.

3

Add a Charts data source using TLS/SSL.

Using the Charts application, add a data source and append the ssl=true option to the Connection String URI to use TLS/SSL when connecting to this data source:

mongodb://[username:password@]<server>:<port>/<database>?ssl=true