Docs Menu
Docs Home
MongoDB Ops Manager

Configure MongoDB Agent to Use TLS

On this page

  • Prerequisite
  • Procedures

Ops Manager uses TLS to encrypts connections between MongoDB Agent and:

  • MongoDB instances.

  • Ops Manager.

To configure the MongoDB Agent to use TLS, you must:

  • Have the trusted Certificate Authority certificate that signed the MongoDB instance's certificate.

  • Ensure that all TLS certificates contain the Subject Alternative Name field.

To use TLS for the MongoDB Agent's connection to a MongoDB deployment, specify the deployment's TLS settings when adding the deployment or editing the deployment's settings.


Ops Manager can manage TLS for you if you are using Automation for the deployment. With Automation, Ops Manager prompts you for the certificates to use to connect to the deployment when you enable TLS and then configures the agents appropriately. To learn how to configure TLS, see Enable TLS for a Deployment.

To ensure that the MongoDB Agent uses TLS when connecting to Ops Manager, configure Ops Manager to use TLS for all connections. The Configure TLS Connections to Ops Manager tutorial describes how to set up Ops Manager to run over TLS.

By default, the MongoDB Agent validates the Ops Manager TLS certificate.

If a trusted third party did not sign your certificate, you must configure the MongoDB Agent to trust Ops Manager.

To specify a self-signed certificate for Ops Manager that the MongoDB Agent should trust:


Copy your TLS certificate to your Ops Manager configuration directory:



sudo /etc/init.d/mongodb-mms-automation-agent restart

If you don't want to have Ops Manager validate the SSL certificates, set Client Certificate Mode to None.

← Configure the MongoDB Agent for X.509 Authentication