1. openssl 설치
2. openssl req -new -x509 -days 1000 -out mongodb-server.crt -keyout mongodb-server.key
[설정 내용 출력 crt,key 생성] - Key 생성
=================server===================
Country Name (2 letter code) [AU]:??
State or Province Name (full name) [Some-State]:????
Locality Name (eg, city) []:????
Organization Name (eg, company) [Internet Widgits Pty Ltd]:????
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []: 192.168.??.??
Email Address []:
3. openssl req -new -x509 -days 1000 -out mongodb-client.crt -keyout mongodb-client.key
[설정 내용 출력 crt,key 생성] - 사설 CA(Certificate Authority) 인증서 생성
=================client===================
Country Name (2 letter code) [AU]:??
State or Province Name (full name) [Some-State]:????
Locality Name (eg, city) []:????
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IT
Organizational Unit Name (eg, section) []:192.168.????
Common Name (e.g. server FQDN or YOUR name) []:192.168.?????
Email Address []:
[CA.pem]
4. bash -c 'cat mongodb-client.crt mongodb-client.key' > mongodb-client.pem
[Key.pem]
4-1. bash -c 'cat mongodb-server.crt mongodb-server.key' > mongodb-server.pem
[CA인증서]
5. sudo mongod -sslMode requireSSL --sslPEMKeyFile /home/xxx/mongdo_ssl/mongodb-server.pem --dbpath /var/lib/mongodb/
[Key]
5-1. sudo mongo --ssl --sslCAFile /home/xxx/mongdo_ssl/mongodb-server.pem --sslPEMKeyFile /home/xxx/mongdo_ssl/mongodb-client.pem --sslPEMKeyPassword 123456
'리눅스 18.04 TLS Ubuntu > MongoDB' 카테고리의 다른 글
| MongoDB Replica 개념 및 설정/해제 (0) | 2019.03.21 |
|---|---|
| mongodb 외부에서 mongo 접속/계정 존재 상태시 접근 방법 (0) | 2019.03.07 |
| MongoDB - 사용자 계정 추가 (0) | 2019.02.20 |
_B_G_