How to Set Up SSL With Automation



Cloud Manager supports advanced security configuration options such as SSL, Kerberos, LDAP or X.509. SSL can be used by all Cloud Manager users, while Kerberos, LDAP, and X.509 authentication are for MongoDB Enterprise builds only. In this blog post, we will explain how to setup SSL with Automation. Here’s how to get started:

  1. Login to Cloud Manager and browse to the Deployment tab.
  2. In the “…” button, next to the green Add button, choose “Authentication & SSL Settings” ... Menu
  3. Click Next to configure SSL
  4. Click the Enable SSL button Enable SSL
  5. Enter the path on your server for the CA File. This CA file should contain the Certificates, in PEM format, for Issuer of the Certificates being used by MongoDB (the sslPEMKeyFile).
      • (NOTE: the file should be manually placed on the server before proceeding).
  6. Choose client certificate mode “optional” or “required”
      • Optional: mongod and mongos process are started with both the net.ssl.CAFile and net.ssl.allowConnectionsWithoutCertificates options. As such, the mongo shell and drivers need not possess client certificates.
      • Required: mongod and mongos processes are started with the net.ssl.CAFile setting. Each mongo shell and driver process must possess a client certificate.
  7. Next, specify PEM Key File for your Automation, Backup, and/or Monitoring Agent.
      • (NOTE: If the PEM Key File is encrypted, the password must also be specified.) Configure Agents
  8. If the PEM Key File is encrypted, the password must also be applied.
  9. The SSL options then need to be set on each server.
  10. Next, the SSL options need to be set on each server. Go to the Deployments tab and in the Processes view.
  11. Select the process that you would like to edit and click the Wrench icon to Edit the Configuration
  12. Expand the Advanced Options at the bottom.
  13. Set the following options:
      • sslmode: requireSSL, allowSSL, or preferSSL
      • sslPemKeyFile: Input the path to the server certificate. (Note: the file should be manually placed on the server before proceeding)
      • sslPemKeyPassword: If you are using an encrypted PEM key file, use sslPemKeyPassword to specify the password. Advanced Settings
  14. Click Apply.
  15. Finally, click Save and Review & Deploy.


  • Enabling SSL will apply to all managed items in your deployment.
  • The CA File provided will also be used by managed Monitoring and Backup Agents for connections to the entire deployment.
  • For MongoDB 2.6 and below, enabling SSL requires the using of MongoDB Enterprise Edition.