- User Guide >
- Monitoring Agent >
- Configure Monitoring Agent for SSL
Configure Monitoring Agent for SSL¶
On this page
On-Prem MongoDB Management Service supports SSL for encrypting the following connections made by Monitoring Agents:
- Connections between the Monitoring Agents and MongoDB instances.
- Connections between the Monitoring Agents and On-Prem MongoDB Management Service servers.
Connections between Agents and MongoDB Instances¶
Specify path to trusted CA certificate.¶
If your MongoDB deployment uses SSL, then you must configure the Monitoring Agent to use SSL. To configure the agent to use SSL, you must have a trusted CA certificate that signed the MongoDB instance’s certificate.
In the agent’s install directory, edit the
monitoring-agent.config
file to set
sslTrustedServerCertificates
field to the path of a
file containing one or more certificates in PEM format. For example:
By default, to connect to MongoDB instances using SSL requires a valid
trusted certificate. For testing purposes, however, you can set the
sslRequireValidServerCertificates
setting to False
to
bypass this check. This configuration is not recommended for
production use as it makes the connection insecure.
For additional information on these settings, see MongoDB SSL Settings.
Restart agent.¶
In addition to configuring the agents, you must also specify the host’s SSL settings. You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.
Connections between Agents and MMS Servers¶
To ensure that the Monitoring Agents use SSL when connecting to the On-Prem MongoDB Management Service servers, use an HTTPS proxy in front of On-Prem MongoDB Management Service.
SSL Certificate Validation¶
Starting with On-Prem MongoDB Management Service 1.4, the Monitoring Agent validates the SSL certificate of the MMS server by default.
If you are not using a certificate signed by a trusted 3rd party, you must configure the Monitoring Agent to trust the MMS server.
To specify a self-signed certificate of the MMS server that the Monitoring Agent should trust:
Copy your PEM certificate to /etc/mongodb-mms/
.¶
Issue the following sequence of commands:
Edit the following parameter in /etc/mongodb-mms/monitoring-agent.config
.¶
For example:
Restart the Monitoring Agent for the configuration update to take effect.¶
For example:
Configuration Settings¶
For the settings used by the Monitoring Agent to connect to the On-Prem MongoDB Management Service servers, see MMS Server SSL Settings.
Additional Information¶
For information about MongoDB and SSL, see /tutorial/configure-ssl.