In order to use x.509 certificates for mongo shell authentication, you must have access to a valid Certificate Authority, and a signed certificate available. In addition, you will need to generate a unique certificate for each user. To authenticate the mongo shell, use the command-line parameters shown here. Note that the hostname needs to match the one that's in the x.509 certificate:
mongo --ssl --sslPEMKeyFile </client/PEM/file> --sslCAFile </CA/PEM/file> --host "<matches cert>"
In the following example, we use the /etc/ssl/zed.pem file that we showed you earlier in this chapter: