tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
TencentDB for MongoDB
    Documentation
    Download PDF

    Enabling SSL Authentication

    Last updated: 2024-01-15 14:40:06
    Download PDF

      Overview

      Secure Sockets Layer (SSL) authentication is a process that authenticates the connection from the user client to the TencentDB server. After SSL encryption is enabled, you can get a CA certificate and upload it to the server. Then, when the client accesses the database, the SSL protocol will be activated to establish an SSL secure channel between the client and the server. This implements encrypted data transfer, prevents data from being intercepted, tampered with, and eavesdropped during transfer, and ultimately ensures the data security for both the client and the server.
      Note:
      The SSL authentication is being gradually released in regions. To try it out, submit a ticket.

      Billing Overview

      SSL encryption is free of charge.

      Notes

      You need to restart the instance to enable SSL. Perform this operation during off-peak hours, or ensure that your application has a reconnection feature.
      Enabling SSL encryption ensures the security of data access and transfer but will significantly increase CPU utilization. We recommend that you enable it only when encryption is required.
      When SSL is enabled, you will receive an expiration alarm 30 days, 15 days, and 7 days before the expiration of your certificate and on its expiration date. Refresh the SSL certificate in time; otherwise, the access authentication through SSL certificate will fail.

      Version description

      New instances of TencentDB for MongoDB 4.0 and later support SSL authentication.
      Existing instances of TencentDB for MongoDB 3.6 need to be upgraded to v4.0 to support SSL authentication.

      Prerequisites

      The database instance is in Running status, with no ongoing tasks.
      The operation is performed in off-peak hours, or the client has an automatic reconnection mechanism.

      Directions

      1. Log in to the TencentDB for MongoDB console.
      2. In the MongoDB drop-down list on the left sidebar, select Replica Set Instance or Sharded Cluster Instance. The directions for the two types of instances are similar.
      3. Above the Instance List on the right, select the region.
      4. In the instance list, find the target instance.
      5. In the Instance ID/Name column of the target instance, click the instance ID in blue font to enter the Instance Details page.
      6. Click the Data Security tab and select the Access Encryption tab.
      7. Click
      
      after Enable SSL.
      8. In the Enable SSL window, confirm the impact of enabling SSL and click OK.
      9. Wait for the Enable SSL status to become Enabled and click Download Certificate. If you receive a certificate expiration warning message, and the certificate has expired. Click Refresh Certificate to update the certificate file.
      10. In the bottom-left corner of the page, get the certificate MongoDB-CA.crt.
      11. You can use Mongo Shell to connect to TencentDB for MongoDB. For detailed directions, see Using Mongo Shell to Connect to Database by SSL Authentication. You can use multi-language SDKs to connect to TencentDB for MongoDB. For detailed directions, see Using Multi-Language SDKs to Connect to Database by SSL Authentication.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy