Overview
In the X.509 authentication mechanism, the server and client use the TLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.
Tip
X.509 Mechanism
To learn how to use TLS/SSL with the PHP library, see the Configure Transport Layer Security (TLS) guide.
For more information about X.509 certificates, see Use x.509 Certificates to Authenticate Clients on Self-Managed Deployments in the MongoDB Server manual.
Specify X.509 Authentication
To use the X.509 authentication mechanism, set the following connection options:
tls: Set totrue.tlsCertificateKeyFile: The file path of the.pemfile that contains your client certificate and private key.authMechanism: Set to'MONGODB-X509'.
You can set these options in two ways: by passing an options array to the
MongoDB\Client constructor or through parameters in your connection URI.
Select the MongoDB\Client or Connection URI tab to
see the corresponding code:
$uriOptions = [ 'tls' => true, 'tlsCertificateKeyFile' => '<file path>', 'authMechanism' => 'MONGODB-X509', ]; $client = new MongoDB\Client( 'mongodb://<hostname>:<port>', $uriOptions, );
$uri = 'mongodb://<hostname>:<port>/?tls=true&tlsCertificateKeyFile=<file path>&authMechanism=MONGODB-X509'; $client = new MongoDB\Client($uri);
Additional Information
To learn more about creating a MongoDB\Client object in the MongoDB PHP Library,
see the Create a MongoDB Client guide.
To learn more about connection options, see the Specify Connection Options guide.