/ /

X.509 Authentication

Overview

In the X.509 authentication mechanism, the server and client use the TLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.

Tip

X.509 Mechanism

To learn how to use TLS/SSL with the C++ driver, see the TLS/SSL guide.

For more information about X.509 certificates, see X.509 in the MongoDB Server manual.

Code Placeholders

The code example on this page uses the following placeholders:

<hostname>: The network address of your MongoDB deployment.
<port>: The port number of the MongoDB deployment. If you omit this parameter, the driver uses the default port number (27017). You don't need a port number when connecting to a MongoDB Atlas cluster.

To use the code example on this page, replace these placeholders with your own values.

Using X.509 Authentication in Your Application

X.509 authentication requires the use of TLS encryption with certificate validation. To authenticate the client, you will need a valid TLS certificate and private encryption key. These can be stored in separate files or together in one .pem file.

Note

Even if the certificate and private key are stored in the same file, you must specify the path to that file in both the ssl_cert and ssl_key options.

To configure X.509 authentication in your application, set the authentication mechanism and certificate path in your connection string, as shown in the following example:

auto uri = mongocxx::uri("mongodb://<hostname>:<port>/?"
                         "tls=true&tlsCertificateKeyFile=path/to/client.pem&authMechanism=MONGODB-X509");
auto client = mongocxx::client(uri);

API Documentation

To learn more about creating a mongocxx::client object in C++ driver, see the following API documentation:

mongocxx::client

Back

SCRAM

AWS IAM