Docs Menu
Docs Home
/
Languages
/
Java
/
Java Sync Driver
/
Security
/
Authentication

X.509

On this page

  • Overview
  • Code Placeholders
  • Specify X.509 Authentication
  • API Documentation

Overview

In the X.509 authentication mechanism, the server and client use the TLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.

Tip

X.509 Mechanism

To learn how to use TLS/SSL with the Java driver, see the Enable TLS/SSL on a Connection guide.

For more information about X.509 certificates, see Use x.509 Certificates to Authenticate Clients on Self-Managed Deployments in the MongoDB Server manual.

Code Placeholders

The code examples on this page use the following placeholders:

  • <hostname>: The network address of your MongoDB deployment.

  • <port>: The port number of the MongoDB deployment. If you omit this parameter, the driver uses the default port number (27017). You don't need a port number when connecting to a MongoDB Atlas cluster.

  • <authenticationDb>: The MongoDB database that contains your user's authentication data. If you omit this placeholder, the driver uses the default admin database.

To use the code examples, replace these placeholders with your own values.

Specify X.509 Authentication

Select the Connection String or the MongoCredential tab below for instructions and sample code for specifying this authentication mechanism:

To specify the X.509 authentication mechanism by using a connection string, assign the authMechanism parameter to MONGODB-X509 and enable TLS by assigning the tls parameter to true. The code to instantiate a MongoClient resembles the following:

MongoClient mongoClient = MongoClients.create("mongodb://<hostname>:<port>/?authSource=<authenticationDb>&authMechanism=MONGODB-X509&tls=true");

To specify the X.509 authentication mechanism by using the MongoCredential class, use the createMongoX509Credential() method. Also, enable TLS by calling the applyToSslSettings() method and setting the enabled property to true in the SslSettings.Builder block. The code to instantiate a MongoClient resembles the following:

MongoCredential credential = MongoCredential.createMongoX509Credential();
MongoClient mongoClient = MongoClients.create(
    MongoClientSettings.builder()
        .applyToClusterSettings(builder ->
            builder.hosts(Arrays.asList(new ServerAddress("<hostname>", <port>))))
        .applyToSslSettings(builder ->
            builder.enabled(true);
            )
        .credential(credential)
        .build());

API Documentation

To learn more about any of the MongoDB methods and types used on this page, see the following API documentation:

Back

SCRAM

Next

AWS IAM