X.509

In the X.509 authentication mechanism, the server and client use the TLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.

Tip

X.509 Mechanism

To learn how to use TLS/SSL with the Ruby driver, see TLS/SSL.

For more information about X.509 certificates, see X.509 in the MongoDB Server manual.

The code examples on this page use the following placeholders:

  • +srv: Include this option in your connection string prefix only if you are connecting to a MongoDB Atlas cluster. To learn more about the +srv option, see Connection String Formats in the MongoDB Server manual.

  • <hostname>: The network address of your MongoDB deployment.

  • <port>: The port number of the MongoDB deployment. If you omit this parameter, the driver uses the default port number (27017). You don't need a port number when connecting to a MongoDB Atlas cluster.

  • <username>: The username of the user associated with the X.509 certificate. The username must match the distinguished subject name of the certificate. If you omit this parameter, the MongoDB deployment infers the username from the X.509 certificate.

  • <password>: The password for the X.509 certificate.

To use the code examples on this page, replace these placeholders with your own values.

X.509 authentication requires the use of TLS encryption with certificate validation. To authenticate the client, you will need a valid TLS certificate and private encryption key. These can be stored in separate files, or together in one .pem file.

Note

Even if the certificate and private key are stored in the same file, you must specify the path to that file in both the ssl_cert and ssl_key options.

Select the Connection String or Client Options tab to see the corresponding syntax:

Connection String:

client = Mongo::Client.new("mongodb[+srv]://<hostname>[:<port>]/?authSource=$external&authMechanism=MONGODB-X509")

Client Options:

client = Mongo::Client.new('<host>',
  auth_mech: :mongodb_x509,
  ssl: true,
  ssl_cert: '/path/to/client.pem',
  ssl_key: '/path/to/client.pem',
  ssl_ca_cert: '/path/to/ca.pem')
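
As an added example (not from the MongoDB documentation or the driver's own code), the following pre-flight check uses Ruby's standard openssl library to confirm that a client .pem holds both a certificate and its matching private key, and returns the subject in RFC 2253 form for comparison with <username>. The helper names x509_preflight and constructed_identity are hypothetical, the sample certificate is generated in memory, and the private key is assumed to be unencrypted.

```ruby
require 'openssl'

CERT_RE = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m
KEY_RE  = /-----BEGIN ([A-Z ]*PRIVATE KEY)-----.+?-----END \1-----/m

# Hypothetical helper (not part of the Ruby driver): validates the PEM text you
# plan to pass as ssl_cert and ssl_key, and returns the certificate subject in
# RFC 2253 form for comparison with <username>. Assumes an unencrypted key.
def x509_preflight(pem, now: Time.now)
  cert_pem = pem[CERT_RE] or raise ArgumentError, 'no CERTIFICATE block in PEM'
  key_pem  = pem[KEY_RE]  or raise ArgumentError, 'no PRIVATE KEY block in PEM'
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  raise ArgumentError, 'private key does not match certificate' unless cert.check_private_key(key)
  unless (cert.not_before..cert.not_after).cover?(now)
    raise ArgumentError, "certificate not valid at #{now.utc}"
  end
  cert.subject.to_s(OpenSSL::X509::Name::RFC2253)
end

# Constructed sample input: a throwaway self-signed certificate and key,
# generated in memory so the check runs offline. Not a real deployment identity.
def constructed_identity(dn)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse(dn)
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, cert.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  key_pem, cert_pem = constructed_identity('/C=US/O=Example/OU=clients/CN=app-user')
  puts x509_preflight(key_pem + cert_pem)
end
```

With a real file, pass File.read('/path/to/client.pem') as the argument; the check works whether the key or the certificate comes first in the file.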

To learn more about any of the MongoDB methods and types used on this page, see the following API documentation:
