Certificates in hand, we are now ready to start our mongod instance using TLS. Add the following options to the MongoDB config file, or add the equivalent command-line parameters when starting the mongod instance:
MongoDB Config File Entry | Command Line Parameter | Value |
net.ssl.mode | --sslMode | requireSSL |
net.ssl.PEMKeyFile | --sslPEMKeyFile | /path/to/PEM/file/for/server |
net.ssl.CAFile | --sslCAFile | /path/to/CA/PEM/file |
net.ssl.PEMKeyPassword | --sslPEMKeyPassword | "password" (only if encrypted) |
Here is a fragment concerning TLS taken from the /etc/mongod.conf file of the demo system: