salonvorti.blogg.se - Conncet to remote db robo 3t

#CONNCET TO REMOTE DB ROBO 3T HOW TO#
#CONNCET TO REMOTE DB ROBO 3T SOFTWARE#
#CONNCET TO REMOTE DB ROBO 3T PASSWORD#

The next step is to actually self-sign our certificate.

#CONNCET TO REMOTE DB ROBO 3T PASSWORD#

Of note, we are using DES3 so we can encrypt it with a password (highly recommended). Also, do not forget its password!Īs a quick reference, we use the genrsa (generate RSA key) openssl command with the -des3 argument for encrypting the private key with DES3 cipher before generating the final key. Remember this must be kept private and hidden. It generates a 2048 bit - password protected key. This command uses the openssl tool to generate our key. Run the following command: openssl genrsa -des3 -out root_self_CA.key 2048 This must be kept private, since it is the key to sign further client certificates. OK, so the first step is to create our private root key. In my case, I am running these commands under /etc/ssl directory, which requires "sudo".

Note: For running these commands, depending on which location you choose to run them, you may require administrator privileges. Naturally, you can compensate these weaknesses with further security measures, like connecting in a secure VPC, firewall rules, etc.

Although you can still use self-signed certificates, this type of certificates could be vulnerable to man-in-the-middle attacks. Note : In production environment, always use valid certificates generated by valid certificate authorities.

Sign the certificate ourselves (aka self-sign).

For generating such certificates, we need to create our own certificate authority, since we are not going to use any of the registered CA out there. In this tutorial, we are going to use self-signed certificates.

Sample NodeJS app to connect to the remote database.

Verify connectivity from remote location.

Create self-signed & client certificates.

Setup for this step is not included in this tutorial, as there are many resources out there describing the process. Note: For this tutorial I have used an Amazon EC2 ubuntu instance for holding the MongoDB server. If you wish to use paid/valid certificates, this tutorial still applies, just skip the self-signed certificate step and follow the tips on NodeJS mongo client connection section. Of note, we will use a self-signed certificate to secure our connections, since a certificate authority (CA) signed certificate is not mandatory per se, but certainly advisable. For this, we will build a super simple NodeJS app to connect to a remote secure MongoDB database (hosted in AWS).

#CONNCET TO REMOTE DB ROBO 3T SOFTWARE#

In this tutorial, we will focus on data-in-transit encryption, specifically from server-to-database connection, which is one of the many parts involved in software security. Security is a primordial topic when a software solution comes to its production lifecycle. Sudo mongorestore -gzip -archive somebackupfile.gz -db someDB -ssl -host 127.0.0.1 -sslCAFile /etc/ssl/self/root_self_CA.pem -sslPEMKeyFile /etc/ssl/self/mongodb_client.pem -sslPEMKeyPassword somePassword! -sslAllowInvalidHostnames -sslAllowInvalidCertificates -u some_user -p some_password -authenticationDatabase someDB Sudo mongo -tls -host 127.0.0.1 -tlsCAFile /etc/ssl/self/root_self_CA.pem -tlsCertificateKeyFile /etc/ssl/self/mongodb_client.pem -tlsCertificateKeyFilePassword somePassword! -tlsAllowInvalidCertificates -u some_user -p some_password -authenticationDatabase someDB I'm addressing both inquiries below: - CONNECTING VIA MONGO CLIENT

#CONNCET TO REMOTE DB ROBO 3T HOW TO#

In addition, some of my readers have asked for me to clarify how to dump and restore a protected database. I have received some questions about how to connect directly with the mongo client, particularly from the host machine. Technologies discussed here are: MongoDB, NodeJS, basic shell commands (apply for linux/macOS), VS Code. In this article we discuss how to secure your MongoDB database network traffic from remote locations.