Overview
In the X.509 authentication mechanism, the server and client use the TLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.
Tip
X.509 Mechanism
Code Placeholders
The code examples on this page use the following placeholders:
hostname- network address of your MongoDB server, accessible by your client.port- port number of your MongoDB server.authenticationDb- MongoDB database that contains your user's authentication data. If you omit this parameter, the driver uses the default valueadmin.
Authenticate with X.509
Select the Connection String or the MongoCredential tab below for instructions and sample code for specifying this authentication mechanism:
To specify the X.509 authentication mechanism by using a connection
string, assign the authMechanism parameter the value MONGODB-X509
and enable TLS by assigning the tls
parameter a true value. Your code to instantiate a MongoClient
should resemble the following:
val mongoClient = MongoClient.create("mongodb://<db_username>:<db_password>@<hostname>:<port>/?authSource=<authenticationDb>&authMechanism=MONGODB-X509&tls=true")
To specify the X.509 authentication mechanism by using the
MongoCredential class, use the
createMongoX509Credential()
method. Also, enable TLS by calling the
applyToSslSettings()
method and setting the enabled property to true in the
SslSettings.Builder
block. Your code to instantiate a MongoClient should resemble the following:
val credential = MongoCredential.createMongoX509Credential() val settings = MongoClientSettings.builder() .applyToClusterSettings { builder -> builder.hosts(listOf( ServerAddress("<hostname>", "<port>")) ) } .applyToSslSettings { builder -> builder.enabled(true) } .credential(credential) .build() val mongoClient = MongoClient.create(settings)
For additional information on configuring your application to use certificates and TLS/SSL options, see our TLS/SSL guide.