Docs Home → MongoDB Connector for BI
Configure SSL for BI Connector
For BI Connector to transmit data securely, you should enable Transport
Layer Security (TLS) encryption on your MongoDB instance, your
mongosqld
instance, and in your BI tool. A complete description of
TLS configuration is outside the scope of this document, but this
tutorial outlines the process for creating your own TLS certificates
for testing purposes and starting the MongoDB components with TLS
enabled.
Important
The procedures described in this tutorial are for testing purposes only. A production environment should use SSL certificates issued by a recognized certificate authority (CA).
Prerequisites
A MongoDB user with sufficient permissions to run
mongosqld
. For more information about user permissions and BI Connector, see User Permissions for Cached Sampling.A
mongod
instance which you can start and stop.A
mongosqld
instance which you can start and stop.The MySQL shell
Note on Cluster Availability
For MongoDB replica sets, including sharded replica sets, use a rolling upgrade procedure to ensure that the cluster can continue to serve read operations while the procedure is ongoing. While the replica set primary is undergoing upgrade procedures, database applications must either hold or retry write operations until after the automatic failover and election cycle completes. See Replica Set Availability for more information.
Create and Test Self-Signed Certificates
This tutorial contains instructions on creating several files
which allow a mongosqld
process to accept OpenSSL
encrypted connections from an SQL client, such as the MySQL shell,
and make an encrypted connection with a mongod
instance.
We create two .pem files,
each of which consists of an encryption key and a self-signed
SSL certificate.