MongoDB 3.2 with TLS/SSL and x509 authentication. This image is intended to be used for testing purposes as it contains insecure self-signed certificates and publicly accessible keypairs.
docker run --name mongo-x509 -p 27017:27017 rzhilkibaev/mongo-x509-auth-ssl
This will start up MongoDB listening on 27017.
Get the client and CA pem files from the container
$ docker cp mongo-x509:/etc/ssl/mongodb-client.pem mongodb-client.pem
$ docker cp mongo-x509:/etc/ssl/mongodb-CA.pem mongodb-CA.pem
Now use them with mongo
$ mongo localhost/admin --ssl \
--sslPEMKeyFile mongodb-client.pem \
--sslCAFile mongodb-CA.pem \
--authenticationDatabase '$external' \
--authenticationMechanism MONGODB-X509 \
--username "C=US,ST=CA,L=San Francisco,O=Jaspersoft,OU=JSDev,CN=admin"
First get the JKS store file from the container
$ docker cp mongo-x509:/etc/ssl/mongodb-client.jks mongodb-client.jks
Now you can use it in java.
System.setProperty("", "mongodb-client.jks");
System.setProperty("", "123456");
System.setProperty("", "mongodb-client.jks");
System.setProperty("", "123456");
MongoClientURI connectionString = new MongoClientURI("mongodb://localhost:27017/admin?authMechanism=MONGODB-X509&ssl=true");
MongoClient mongoClient = new MongoClient(connectionString);
You can generate certificates and keys for your own server if localhost
doesn't work for you.
$ ./generate-certs HOSTNAME
$ docker build -t my-image --no-cache .