How to Enable TLS/SSL on Compose MongoDB
Learn how to encrypt connections to your Compose MongoDB deployment by enabling TLS/SSL
Compose by IBM is one of the most popular “MongoDB as a service” cloud providers.
TLS/SSL encryption is available in Compose for deployments created with the default New MongoDB Deployment option, which will create a new MongoDB 3.2 server.
Sadly enough, this option is not available to deployments created before October 2015, as well as to those provisioned through the Classic MongoDB Deployment option.
Enabling TLS/SSL on Compose MongoDB
The only thing you need to do to enable TLS/SSL on Compose MongoDB is activating the Enable SSL access option when provisioning a new deployment.
Unfortunately, this option can not be enabled for any existing deployment.
Downloading the server public key and connecting using TLS on the Mongo shell
Log into your Compose account, select your MongoDB deployment and on the Overview page you’ll see an SSL Public Key panel with a Show SSL Public Key button. Click that, enter your password and the page will refresh with the key details.
You’ll want to copy and paste all the text, from -----BEGIN to END CERTIFICATE-----, into a file on your local file system. For this example we'd save it as example.pem. Now we can give this certificate to the mongo command like so:
$ mongo --ssl --sslCAFile example.pem example.dblayer.com:1037/adminNow you’ll get a connection which checks the certificate and ensures you’re connecting to the right server.
