X.509 Authentication Mechanism
Overview
Overview
In the X.509 authentication mechanism, the server and client use the TLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.
Tip
X.509 Mechanism
To learn how to use TLS/SSL with the Go driver, see the Enable TLS on a Connection guide.
For more information about X.509 certificates, see Use x.509 Certificates to Authenticate Clients on Self-Managed Deployments in the MongoDB Server manual.
Code Placeholders
The code examples on this page use the following placeholders:
hostname: Your MongoDB servers network address, accessible by your clientport: Your MongoDB servers port number
cafile_path: The path to your CA File for your connection stringclient_certificate_path: The path to your client certificate file or the client private key file
Specify X.509 Authentication
To specify the X.509 authentication mechanism, perform the
following:
Assign the
tlsCAFilethe path to its file in the connection stringAssign the
tlsCertificateKeyFilethe path to its file in the connection stringAssign the
AuthMechanismoption the value"MONGODB-X509"
The following code example shows how to specify the X.509 authentication mechanism:
caFilePath := "<cafile_path>" certificateKeyFilePath := "<client_certificate_path>" uri := "mongodb://<hostname>:<port>/?tlsCAFile=%s&tlsCertificateKeyFile=%s" uri = fmt.Sprintf(uri, caFilePath, certificateKeyFilePath) credential := options.Credential{ AuthMechanism: "MONGODB-X509", } clientOpts := options.Client().ApplyURI(uri).SetAuth(credential)
API Documentation
To learn more about any of the methods or types discussed on this page, see the following API documentation: