Docs Menu

Configure SSL for BI Connector

On this page

  • Prerequisites
  • Create and Test Self-Signed Certificates

For BI Connector to transmit data securely, you should enable Transport Layer Security (TLS) encryption on your MongoDB instance, your mongosqld instance, and in your BI tool. A complete description of TLS configuration is outside the scope of this document, but this tutorial outlines the process for creating your own TLS certificates for testing purposes and starting the MongoDB components with TLS enabled.


The procedures described in this tutorial are for testing purposes only. A production environment should use SSL certificates issued by a recognized certificate authority (CA).

For MongoDB replica sets, including sharded replica sets, use a rolling upgrade procedure to ensure that the cluster can continue to serve read operations while the procedure is ongoing. While the replica set primary is undergoing upgrade procedures, database applications must either hold or retry write operations until after the automatic failover and election cycle completes. See Replica Set Availability for more information.

This tutorial contains instructions on creating several files which allow a mongosqld process to accept OpenSSL encrypted connections from an SQL client, such as the MySQL shell, and make an encrypted connection with a mongod instance. We create two .pem files, each of which consists of an encryption key and a self-signed SSL certificate.

Give Feedback
© 2022 MongoDB, Inc.


  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.