Configuring only x509 authentication

dheepakraj_govindarajan · January 30, 2024, 7:19am

Entries from my config file:
net:
port: 27017
bindIp: 127.0.0.1
tls:
mode: requireTLS
certificateKeyFile: D:\certnew\MongoDb\Test3\test-server.pem
CAFile: D:\certnew\MongoDb\Test3\test-ca.pem

security:
authorization: enabled
clusterAuthMode: x509

Trying to connect with server Certificate:
mongosh --tls --tlsCertificateKeyFile D:\certnew\MongoDb\Test3\test-server.pem --tlsCAFile D:\certnew\MongoDb\Test3\test-ca.pem

Trying to connect with Client Certificate:
mongosh --tls --tlsCertificateKeyFile D:\certnew\MongoDb\Test3\test-client.pem --tlsCAFile D:\certnew\MongoDb\Test3\test-ca.pem

Trying to connect with x509 Auth:
mongosh --tls --tlsCertificateKeyFile D:\certnew\MongoDb\Test3\test-client.pem --tlsCAFile D:\certnew\MongoDb\Test3\test-ca.pem --authenticationDatabase ‘$external’ --authenticationMechanism MONGODB-X509

I am able to connect in all these above mentioned methods but I want only x509 authentication and other methods should not be allowed.

chris · January 30, 2024, 3:02pm

Hi @dheepakraj_govindarajan

Please format posts correctly for code and log extracts:

As to:

The parameter authenticationMechanisms will have to be set to MONGODB-X509 , the default is SCRAM-SHA-1, SCRAM-SHA-256 and MONGODB-X509
https://www.mongodb.com/docs/manual/reference/parameters/#mongodb-parameter-param.authenticationMechanisms

setParameter:
   authenticationMechanisms: MONGODB-X509