Skip to main content

Configuring SSL in MongoDB on Windows Platform

Hi,
Recently I had a situation where in I was required to create a secure connection between mongodb server (mongod) and mongodb client (mongo). In order to establish the secure connection there is a need to start Mongodb in the following manner:

mongod --sslOnNormalPorts --sslPEMKeyFile <Location of PEM file of mongod>


If the above command is run is run on the free version of Mongodb then following error is generated:

error command line: unknown option sslOnNormalPorts
use --help for help


The main cause of this error is due to the fact that the normal free version of Mongodb does not support SSL functionality by default. In order to use SSL functionality following two methods could be used:
1.    Build Mongodb from its source using SSL option.
2.    Use Enterprise version of mongodb.
If you a looking forward to use the Enterprise version then there is no need to worry about SSL as this option will be by default present in the Enterprise version (as indicated in Mongodb official website http://docs.mongodb.org/manual/tutorial/configure-ssl/). However if you are trying to use SSL option without going for the Enterprise version then you need to manually build the source code of Mongodb using --ssl option.

Following text illustrates the steps needed to build Mongodb with SSL option from Mongodb source code.

System Requirements:
Following system requirements are needed to build Mongodb from source code:
1   .    Use a system with following minimum requirements:
a.    Windows 64/32 bit operating system.
b.    4GB RAM (RAM below this configuration will produce errors regarding insufficient memory).
c.    14GB free HDD space.
2   .    External library and software required are:
a.    Visual Studio Ultimate 2010 (or more). Visual Studio is needed as during the compilation process there is a need of few libraries and C/C++ compilers supplied along with Visual Studio.
b.    Python setup 32-bit. If you are using 64 bit system then also use 32 bit python (version used in this tutorial is 2.7.6). Python setup could be downloaded from http://www.python.org/downloads/
c.    Scons build tool (version used in this tutorial is 2.3.1). Scons could be downloaded from http://www.scons.org/
d.    Source code of Mongodb (version used in this tutorial is 2.4.9). Source code could be downloaded from http://www.mongodb.org/downloads. Below ‘Production Release (2.4.9)’ there is a link to download tgz|zip of source code. Download the zip for windows platform.
e.    OpenSSL 32/64 bit depending on the architecture of the system (version used in this tutorial is ‘OpenSSL 1.0.1e’). OpenSSL could be downloaded from http://slproweb.com/products/Win32OpenSSL.html. On this page select ‘Win32 OpenSSL v1.0.1f’ which is a ‘16MB Installer’.
Mongodb build process needs huge amount of resources (RAM, Disk and CPU) that is the reason if you take a configuration less than as mentioned above in point 1, then there are chances that the build process will fail with ‘Not enough space’ error.

Build Steps:
Steps: Follow following steps to proceed with the build process:
1.    Install Python 32-bit.
2.    Install Scons.
3.    Install OpenSSL.
4.    Install Visual Studio Ultimate.
5.  Add the location of (including) ‘Scripts’ folder inside python installation directory to system PATH. Copy the path upto ‘Scripts’ folder e.g. C:\Python27\Scripts and add it to your system path.
6. Now Open a command prompt and change the directory to the parent directory of the unzipped Mongodb source code. This is the place where you will find files after unzipping the source. This folder will have various directories like: build, buildscripts, debian, … , src.
7. Run following commands to build the executable from the source code. This process will take significant time and will use most of the CPU and nearly 4GB RAM (If the system configuration is less than as specified then the build process will fail).


Following command will create mongod.exe in the root folder of the unzipped Mongodb source.
scons --ssl --release --64 --extrapath=<OPENSSL-HOME>

This command will build drivers.
scons --ssl --release --64 --extrapath=<OPENSSL-HOME> mongoclient.lib

This command will build core modules.
scons --ssl --release --64 --extrapath=<OPENSSL-HOME>  core

In the above commands replace <OPENSSL-HOME> with the location of parent directory of OpenSSL installation, like if you install OpenSSL at ‘C:\OpenSSL-Win64’ then the above command will change to:
scons --ssl --release --64 --extrapath= C:\OpenSSL-Win64 
scons --ssl --release --64 --extrapath= C:\OpenSSL-Win64 mongoclient.lib
scons --ssl --release --64 --extrapath=C:\OpenSSL-Win64  core 

The process may take nearly 1 hour to complete the build process. Once the build process is complete open the root directory of the unzipped Mongodb source code, there you will find three main files: mongod.exe, mongo.exe and mongos.exe.

After the process is complete, you could successfully execute the command
mongod --sslOnNormalPorts --sslPEMKeyFile <Location of PEM file of mongod>

which was giving error earlier.

I hope this helps.


Regards
Rajeev


References:
http://docs.mongodb.org/manual/tutorial/configure-ssl/


Labels:

Comments

Post a Comment

Popular posts from this blog

Using R Programming Language inside Java

Hi, This tutorial walks you through using R programming language inside a java program. R is a powerful programming language for Machine Learning and Data Mining. It contains implementation of various Machine Learning algorithms. Recently i had a situation where i was supposed to use these machine learning algorithms inside my java program. I searched the web but the stuff i found was not of much help. Thus i thought of putting the same in the form of this tutorial. This tutorial is not intended to teach you R language. It is only to help you integrate R to Java and then to use R functions inside a Java program. Pre-requisite: Following things are needed to be pre-configured on your system to use R in Java program: 1. R workbench:  R has got a console known as RGui where R commands/programs could be executed. To install RGui simply go to  http://cran.r-project.org/bin/windows/base/  and download the ' Download R 3.0.2 for Windows   (52 megabytes, 32/64 bit)...
22 comments
Read more

Uploading a binary file to RESTful web service in java using Jersey

Hi, Recently I had a situation where I was supposed to upload a binary file to a server side RESTful web service created in Jersey. I faced a lot of trouble in doing so because always one or the other part of the hood was not working properly. The following post gives a step by step process as how to create a RESTful service that accepts uploaded binary files. Pre-requisites: 1. A running RESTful service based on Jersey. 2. An HTML page with file upload component. 3. Tomcat 7 as web server. 4. Eclipse indigo. Note: Let us suppose that tomcat is running on same machine on which the HTML client is present. So we will be using the base domain URL as ' http://localhost:8080/ '. If your service and client are located on different instances of tomcat then replace the localhost part of the URL with the IP address of the machine on which the REST service is running. Step 1 (Eclipse setup): a. Create a 'Dynamic Web Project' in eclipse indigo. Let us say that thi...
5 comments
Read more

Creating a JAX-WS Web Service and Client using Eclipse Indigo

Creating a JAX-WS Web Service and corresponding client is a very trivial task. However I faced various problems while doing the same mainly while creating a client for the web service. This was mainly because the contents I found on the Internet were in a distributed manner. So I thought of creating a tutorial which binds all the concepts at one place. So this tutorial does not teaches indepth concepts of web services. Instead it guides as how to create a Web Service and a seperate client. Software Requirements: 1. Eclipse Indigo. Note: To download Eclipse Indigo follow the link http://www.eclipse.org/downloads/. Then select 'Eclipse IDE for Java EE Developers'. Process: We will proceed with the creation of web service and client in following two steps: 1. Creating Web Service 2. Creating client to consume web service. 1. Creating Web Service: Creating of a JAX-WS web service is not a very tough task. We simply create a class(normal Java class) and define certai...
8 comments
Read more