X.509 Authentication

Overview

In the X.509 authentication mechanism, the server and client use the TLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.

Tip

X.509 Mechanism

To learn how to use TLS/SSL with the PHP library, see the Configure Transport Layer Security (TLS) guide.

For more information about X.509 certificates, see Use x.509 Certificates to Authenticate Clients on Self-Managed Deployments in the MongoDB Server manual.

Specify X.509 Authentication

To use the X.509 authentication mechanism, set the following connection options:

tls: Set to true.
tlsCertificateKeyFile: The file path of the .pem file that contains your client certificate and private key.
authMechanism: Set to 'MONGODB-X509'.

You can set these options in two ways: by passing an options array to the MongoDB\Client constructor or through parameters in your connection URI. Select the MongoDB\Client or Connection URI tab to see the corresponding code:

$uriOptions = [
    'tls' => true,
    'tlsCertificateKeyFile' => '<file path>',
    'authMechanism' => 'MONGODB-X509',
];
$client = new MongoDB\Client(
    'mongodb://<hostname>:<port>',
    $uriOptions,
);

$uri = 'mongodb://<hostname>:<port>/?tls=true&tlsCertificateKeyFile=<file path>&authMechanism=MONGODB-X509';
$client = new MongoDB\Client($uri);

Additional Information

To learn more about creating a MongoDB\Client object in the MongoDB PHP Library, see the Create a MongoDB Client guide.

To learn more about connection options, see the Specify Connection Options guide.

Back

SCRAM

AWS IAM