The Java driver supports TLS/SSL connections to MongoDB servers using the underlying support for TLS/SSL provided by the JDK. You can configure the driver to use TLS/SSL either with MongoClientURI or with MongoClientOptions.
MongoClientURI
import com.mongodb.MongoClientURI;
To specify TLS/SSL with MongoClientURI, specify ssl=true as part of the connection string, as in:
MongoClientURI uri = new MongoClientURI("mongodb://localhost/?ssl=true");
MongoClient mongoClient = new MongoClient(uri);
MongoClientOptions
import com.mongodb.MongoClientOptions;
To specify TLS/SSL with with MongoClientOptions, set the sslEnabled property to true, as in:
MongoClientOptions options = MongoClientOptions.builder().sslEnabled(true).build();
MongoClient client = new MongoClient("localhost", options);
By default, the driver ensures that the hostname included in the server’s SSL certificate(s) matches the hostname(s) provided when constructing a MongoClient(). However, the hostname verification requires a Java 7 JVM, as it relies on additions introduced in Java 7 to the javax.net.SSLParameters class.
If your application must run on Java 6, or for some other reason you need to disable hostname verification, you must explicitly indicate this in MongoClientOptions using the sslInvalidHostNameAllowed property:
MongoClientOptions.builder().sslEnabled(true).sslInvalidHostNameAllowed(true).build();
A typical application will need to set several JVM system properties to ensure that the client is able to validate the TLS/SSL certificate presented by the server:
javax.net.ssl.trustStore: The path to a trust store containing the certificate of the signing authority
javax.net.ssl.trustStorePassword: The password to access this trust store
The trust store is typically created with the keytool command line program provided as part of the JDK. For example:
keytool -importcert -trustcacerts -file <path to certificate authority file>
-keystore <path to trust store> -storepass <password>
A typical application will also need to set several JVM system properties to ensure that the client presents an TLS/SSL certificate to the MongoDB server:
javax.net.ssl.keyStore The path to a key store containing the client’s TLS/SSL certificates
javax.net.ssl.keyStorePassword The password to access this key store
The key store is typically created with the keytool or the openssl command line program.
For more information on configuring a Java application for TLS/SSL, please refer to the JSSE Reference Guide.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4