Using X.509 Digital Certificates
- Kalpana Malladi
- Rakesh Chaudhary
The X.509 certificate uses the international X.509 public key infrastructure (PKI) standard to check whether a public key belongs to the declared user, computer, or service identity listed in the certificate. In SnapLogic, the X.509 Digital Certificates authentication type enables you to use digital certificates to authenticate your requests with MongoDB. For more details on X.509 digital certificates, see Using x.509 Certificates to Authenticate Clients. To use X.509 digital certificates: In the Username field, enter the Distinguished Name (DN) of the certificate in the keystore from where you retrieved it. There are many ways of presenting the DN as a string, so the format seen in other tools may not be appropriate here. For example, most formats use '/' instead of ',' as separators. Leave the Password field blank. Select the Authentication Type as X.509 (Digital Certificates). Set the Encryption Type to ssl certs. Enter the location of the trust store in the Truststore Filepath field. The trust store must contain trusted certificates from the certificate authorities (CAs) that signed both the Mongo server and client certificates. Enter the location of the keystore in the Keystore Filepath field. The keystore must contain the certificate and key with the same DN as used in the Username field. Again, as in the case of the Distinguished Name, the formats used may appear to be different. The keystore may also need to include the certificate chain (the list of SSL certificates, right from the root certificate to the end-user certificate) for the client's cert.
Example: CN=admin,OU=JSDev,O=Jaspersoft,L=San Francisco,ST=CA,C=US
It's a good practice for the truststore to include the Mongo server's certificate as well; but it's not mandatory, since the client can validate the certificate via the CA certificate.
Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2024 SnapLogic, Inc.