Configure TLS for BI Connector
For BI Connector to transmit data securely, you should enable Transport
Layer Security (TLS) encryption on your MongoDB instance, your
mongosqld
instance, and in your BI tool. A complete description of
TLS configuration is outside the scope of this document, but this
tutorial outlines the process for creating your own TLS certificates
for testing purposes and starting the MongoDB components with TLS
enabled.
Important
Use these procedures for testing purposes only. Your production environment should use TLS certificates that a recognized certificate authority (CA) has issued.
Prerequisites
A MongoDB user with sufficient permissions to run
mongosqld
.A
mongod
instance which you can start and stop.A
mongosqld
instance which you can start and stop.The MySQL shell
Tip
See also:
Note on Cluster Availability
To ensure read availability for your MongoDB replica sets and sharded clusters while BI Connector enables TLS, use a rolling upgrade procedure. While the replica set primary upgrades, applications must wait until after failover and election cycle completes.
Tip
See also:
Create and Test Self-Signed Certificates
This tutorial contains instructions on creating several files which
allow a mongosqld
process to accept OpenSSL encrypted connections
from an SQL client, such as the MySQL shell, and make an encrypted
connection with a mongod
instance. We create two
.pem files. Each file
contains an encryption key and a self-signed TLS certificate.