Using X.509 Digital Certificates

The X.509 certificate uses the international X.509 public key infrastructure (PKI) standard to check whether a public key belongs to the declared user, computer, or service identity listed in the certificate. In SnapLogic, the X.509 Digital Certificates authentication type enables you to use digital certificates to authenticate your requests with MongoDB. For more details on X.509 digital certificates, see Using x.509 Certificates to Authenticate Clients.

To use X.509 digital certificates:

  1. Enter data in the Label, Hostname, Port, and Database Name fields as appropriate.
  2. In the Username field, enter the Distinguished Name (DN) of the certificate in the keystore from where you retrieved it.
    Example: CN=admin,OU=JSDev,O=Jaspersoft,L=San Francisco,ST=CA,C=US

    There are many ways of presenting the DN as a string, so the format seen in other tools may not be appropriate here. For example, most formats use '/' instead of ',' as separators.

  3. Leave the Password field blank.

  4. Select the Authentication Type as X.509 (Digital Certificates).

  5. Set the Encryption Type to ssl certs.

  6. Update the SSL Certs Properties section as follows:
    1. Enter the location of the trust store in the Truststore Filepath field. The trust store must contain trusted certificates from the certificate authorities (CAs) that signed both the Mongo server and client certificates.
      It's a good practice for the truststore to include the Mongo server's certificate as well; but it's not mandatory, since the client can validate the certificate via the CA certificate.

    2. Enter the Truststore Password in the field provided.
    3. Enter the location of the keystore in the Keystore Filepath field. The keystore must contain the certificate and key with the same DN as used in the Username field. Again, as in the case of the Distinguished Name, the formats used may appear to be different. The keystore may also need to include the certificate chain (the list of SSL certificates, right from the root certificate to the end-user certificate) for the client's cert.

    4. Enter the Keystore File Password in the field provided.
  7. Click Validate to check your settings; click Apply to save your changes and exit the popup once validation succeeds.