Jump to content
Sign in to follow this  
Followers 0
Robert_Ha

FireDAC Mongo driver, CA and SSL certificates

By Robert_Ha, in Network, Cloud and Web

Recommended Posts

Robert_Ha    0

Robert_Ha
Posted (edited)

Hello everyone,

 

I' trying to understand where I get the certificate files for the SSL certificate and CA certificate from. I have to specify them in the FireDAC connection component. With the component I want to connect to the Azure cosmos DB for MongoDB (vCore).

Do I need to get them from somewhere like " www.digicert.com " or do I get them from Azure itsself?

 

Connection parameter:

SSLPEMKeyFile -- is the path name to the .pem file that contains the SSL certificate and key.

SSLCAFile -- is the path name to the .pem file that contains the certificate from the Certificate Authority (CA).

(Source: https://docwiki.embarcadero.com/RADStudio/Athens/en/Connect_to_MongoDB_Database_(FireDAC))

 

Thanks in advance.

 

Robert

Edited by Robert_Ha

Share this post

Link to post

Robert_Ha    0

Robert_Ha
Posted

Thanks for the reply, but as far as I understand, neither source describes or mentions how I get the certificate files. Only that I need them. Can you provide more details?

Share this post

Link to post

Pierce Ng    0

Pierce Ng
Posted

Your app is connecting to MongoDB as a client. The common authentication method is username/password. Your app only needs its own TLS certificate and key if the MongoDB server is configured to mandate client certificate authentication, as described here: https://www.mongodb.com/docs/manual/reference/configuration-options/#mongodb-setting-net.tls.allowConnectionsWithoutCertificate.

 

(I listed three relevant URLs, but the forum software decided that three URLs => this post is spam, so now just one. Duh.)

 

Ask your MongoDB admin whether the database mandates client certificate authentication. If the answer is no, using username/password should work. Azure Cosmos DB MongoDB, by default, works with username/password over TLS.

 

If it's FireDAC that expects client certificate and key to be specified for username/password authentication, ask your FireDAC support. Actually just try not setting those two parameters and see if your app works. But note this disclaimer from the FireDAC link:

Quote

Note: The MongoDB C driver has been compiled without SSL support. If your application requires SSL, you should compile the MongoDB C driver on your own and provide an additional set of required libraries. These libraries might require the OpenSSL and Microsoft Visual C++ Runtime libraries.

 

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Network, Cloud and Web
×