|
Connect to MongoDB from Python using SSL/TLS |
|
|
|
Connect to MongoDB from Python using SSL/TLS |
|
Transport Layer Security (TLS) is a security protocol for accessing remote machines over untrusted networks. A primary use case of TLS is encrypting the communication between web applications and servers. It runs on top of TCP/IP to secure client-server communications and allows a TLS-enabled client to authenticate itself to a TLS-enabled server and vice versa. TLS evolved from a previous encryption protocol called Secure Sockets Layer (SSL), and the terms TLS and SSL are sometimes used interchangeably.
During server authentication, the client application uses public-key cryptography (PKI) algorithms to verify the server's identity by checking that the server's certificate is issued by a trusted certificate authority (CA) and proves the ownership of the public key. Similarly, TLS client authentication allows the server to validate the client's identity. The client and server can also authenticate each other using self-signed certificates. However, you will only want to use a self-signed certificate for an internal network or a development server.
After establishing a TLS connection, the client and server can exchange symmetrically encrypted messages with a shared secret key. TLS is the recommended method for establishing a secure connection to MongoDB due to its more straightforward configuration and higher performance than SSH.
To establish a TLS connection to MongoDB, enable TLS and specify the client and CA certificates in ConnectionOptions parameter. For more information about securing TCP/IP connections with TLS, see Configuring MongoDB for TLS and Connection strings in the MongoDB documentation.
import devart.mongodbconnect() module method and obtain a connection object.
my_connection = devart.mongodb.connect(
Server="your_server",
Database="your_database",
Username="your_username",
Password="your_password",
ClientLibary="path_to_libmongoc",
BSONLibrary="path_to_libbson",
ConnectionOptions="tls=true&tlsCertificateKeyFile=path_to_client_cert&tlsCAFile=path_to_ca_cert"
)The following table describes the TLS connection parameters.
|
Parameter |
Description |
|---|---|
|
|
Enables TLS connections in MongoDB 4.2 or later. |
|
|
Enables TLS connections in MongoDB versions prior to 4.2. |
|
|
A PEM file that contains either the client certificate or the client certificate and key. This parameter applies to MongoDB 4.2 or later. |
|
|
A PEM file that contains either the client certificate or the client certificate and key. This parameter applies to MongoDB versions prior to 4.2. |
|
|
A PEM file that contains the root certificate chain from the Certificate Authority. This parameter applies to MongoDB 4.2 or later. |
|
|
A PEM file that contains the root certificate chain from the Certificate Authority. This parameter applies to MongoDB versions prior to 4.2. |