Skip to content

Secure MongoDB

For security reasons, we strongly recommend configuring the TLS encryption. For even more security, activate the user authentication for MongoDB.

Configure the TLS Encryption

In order to secure the connection with MongoDB, you need a combined PEM file containing both the TLS certificate and the private key.

  1. Combine the file containing the certificate:

    C:\ProgramData\SEAL Systems\config\tls\cert.pem

    and the file containing the private key:

    C:\ProgramData\SEAL Systems\config\tls\key.pem

  2. Save the combined file as:

    C:\ProgramData\SEAL Systems\config\tls\cert-key-combined.pem

Specify the CA Certificate (If Available)

This step is only required if your certificate contains a CA certificate. If the certificate exists, it is checked for validity when the connection is established. The CA certificate is saved in C:\ProgramData\SEAL Systems\config\tls\ca.pem.

  1. Open the configuration file of MongoDB on the PLOSSYS 5 server:

    C:\ProgramData\SEAL Systems\config\mongod.conf

  2. Replace the following line:

    allowInvalidCertificates: true

    by the following line:

    CAFile: C:\ProgramData\SEAL Systems\config\tls\ca.pem

  3. Save the configuration file.

  4. Restart the following service:

    • seal-mongodb

Configure the TLS Encryption in a Cluster

If you are running PLOSSYS 5 in a cluster, execute the configuration steps above on all PLOSSYS 5 servers.

Enable the User Authentication

After the installation, the user authentication of MongoDB is disabled. In order to make MongoDB more secure, activate the user authentication.

  1. Open a PowerShell (Administrator) and change to the following directory:

    C:\Program Files\SEAL Systems\seal-mongodb

  2. Execute the following script:

    .\secure-mongo.ps1

Enable the User Authentication in a Cluster

If you are running PLOSSYS 5 in a cluster, execute the steps above on one of the servers and execute the following steps on all other servers belonging to the cluster:

  1. On all cluster servers, copy C:\ProgramData\SEAL Systems\config\mongod.keyfile created by secure-mongo.ps1 on the first server into the following directory:

    C:\ProgramData\SEAL Systems\config\

  2. On all cluster servers, add the following lines to C:\ProgramData\SEAL Systems\config\mongod.conf:

    security:
  authorization: enabled
  keyFile: C:\ProgramData\SEAL Systems\config\mongod.keyfile

  3. On all cluster servers, restart the following service:

    • seal-mongodb

Next Step

Continue with: Secure Filebeat

Back to top