Running Mongodb Community Edition using TLS


I am trying to setup Mongodb Community Edition v7.0.12 with TLS enabled on Windows. With TLS disabled everything works, but when I enable TLS Mongodb won’t start up. My server certificate resides in the Windows certificate store under the Personal folder. The certificate is signed by a CA-certificate in the Trusted Root Certification store. The certificates are fine, they work fine with other applications.

My Mongodb configuration file contains this section:

      mode: requireTLS       
      certificateSelector: thumbprint="d169030077bd7b5347cb1723d9382b1e00242d90"

For some reason it complains that the thumbprint string is not a hex string. I have also using the subject instead but to no avail:

      mode: requireTLS       
      certificateSelector: subject="serverhostname"

At this point I’m scratching my head. Does anybody have a working example? Thank you!

If it says the thumbprint is not a hex string, try decorating it, e.g., begin it with “0x …” and see if that works.

The solution was to remove the quote characters around the thumbprint string. The documentation says to include the quote characters and is hence incorrect.

1 Like

What’s the URL to the documentation page you were following, please?
Let’s see if we should file an Issue.

Here is the URL:


That page is a single page application … I haven’t found the navigation to certificateSelector: thumbprint= … can you show me how to navigate to that documentation?

If you search for “PEMKeyFile (Linux/Windows/ma” on that page, the first hit should take you to the place where you can press “System SSL Certificate Store”. Press on that link and you should see:

certificateSelector: subject=“”

Here it also mentions thumbprint.

There doesn’t seem to exist any direct link.

Yes, I can see how that doc could be confusing! Maybe you should file an Issue.