You can enable TLS for secure communication between the OpenEdge Command Center server and MongoDB. You can configure the following types of authentication:

  • Server authentication
  • Mutual authentication

Server authentication

When using server authentication, the MongoDB server sends a certificate to the OpenEdge Command Center server to authenticate itself and ensure secure communication. To configure TLS server authentication:

  1. In MongoDB installation, open the bin/mongod.cfg file in an editor.
    Note: If the MongoDB installation is on the Linux platform, open the etc/mongod.conf file.
  2. In the network interface section of the file, add the tls node.
  3. In the tls node, add the following fields and enter the required values:
    Field Description
    mode Set value to requireTLS or preferTLS.
    certificateKeyFile Path of the public certificate of the MongoDB server that is signed by the Certificate Authority (CA).
  4. Save your changes to the bin/mongod.cfg or etc/mongod.conf file and restart the MongoDB server.
  5. In the OpenEdge Command Center server installation, open the data/conf/db-config.json file in an editor.
  6. Add the tls field and set its value to true.
  7. In connectionOptions, add the sslCA field.
  8. For sslCA, enter the path of the public certificate of the CA that is used to validate the certificates presented by the OpenEdge Command Center server.
  9. Save your changes to the data/conf/db-config.json file and restart the OpenEdge Command Center server.

After the OpenEdge Command Center server is started, the TLS handshake with the MongoDB server occurs and a secure channel is established.

Mutual authentication

When using mutual authentication, the OpenEdge Command Center server and the MongoDB server authenticate with each other before creating a secure communication channel. To configure TLS mutual authentication:

  1. In MongoDB installation, open the bin/mongod.cfg file in an editor.
    Note: If the MongoDB installation is on the Linux platform, open the etc/mongod.conf file.
  2. In the network interface section of the file, add the tls node.
  3. In the tls node, add the following fields and enter the required values:
    Field Description
    mode Set value to requireTLS or preferTLS.
    certificateKeyFile Path of the public certificate of the MongoDB server that is signed by the CA.
    CAFile Path of the file that contains the certificate chain for verifying the OpenEdge Command Center server’s certificates.
  4. Save your changes to the bin/mongod.cfg or etc/mongod.conf file and restart the MongoDB server.
  5. In the OpenEdge Command Center server installation, open the data/conf/db-config.json file in an editor.
  6. Add the tls field and set its value to true.
  7. In connectionOptions, add the following fields and enter the required values:
    Field Description
    sslCA Path of the public certificate of the CA that is used to validate the certificates presented by the MongoDB server.
    sslKey The private key used for encryption.
    sslCert Path of the public certificate of the OpenEdge Command Center server that is signed by the CA.
  8. Save your changes to the data/conf/db-config.json file and restart the OpenEdge Command Center server.

After the OpenEdge Command Center server is started, the TLS handshake with the MongoDB server occurs and a secure channel is established.

For more information about configuring MongoDB for TLS, see the following articles: