X.509 (original) (raw)
In the X.509 authentication mechanism, the server and client use theTLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.
Tip
X.509 Mechanism
To learn how to use TLS/SSL with the PyMongo, see TLS/SSL.
For more information about X.509 certificates, seeX.509 in the MongoDB Server manual.
The code examples on this page use the following placeholders:
+srv: Include this option in your connection string prefix only if you are connecting to a MongoDB Atlas cluster. To learn more about the+srvoption, seeConnection String Formatsin the MongoDB Server manual.<hostname>: The network address of your MongoDB deployment.<port>: The port number of the MongoDB deployment. If you omit this parameter, the driver uses the default port number (27017). You don't need a port number when connecting to a MongoDB Atlas cluster.<path to X.509 certificate>: The path to the X.509 certificate file.<X.509 certificate password>: The password for the X.509 certificate.
To use the code examples on this page, replace these placeholders with your own values.
Important
Percent-Encoding
You must percent-encode a username and password before you include them in a MongoDB URI. The quote_plus() method, available in theurllib.parsemodule, is one way to perform this task. For example, calling quote_plus("and / or")returns the string and+%2F+or.
Don't percent-encode the username or password when passing them as arguments toMongoClient.
You can set these options in two ways: by passing arguments to theMongoClient constructor or through parameters in your connection string.
client = pymongo.MongoClient("mongodb[+srv]://<hostname>:<port>",
tls=True,
tlsCertificateKeyFile="<path to X.509 certificate>",
tlsCertificateKeyFilePassword="<X.509 certificate password>",
authMechanism="MONGODB-X509")
uri = ("mongodb[+srv]://<hostname>:<port>/?"
"tls=true"
"&tlsCertificateKeyFile=<path to X.509 certificate>"
"&tlsCertificateKeyFilePassword=<X.509 certificate password>"
"&authMechanism=MONGODB-X509")
client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb[+srv]://<hostname>:<port>",
tls=True,
tlsCertificateKeyFile="<path to X.509 certificate>",
tlsCertificateKeyFilePassword="<X.509 certificate password>",
authMechanism="MONGODB-X509")
uri = ("mongodb[+srv]://<hostname>:<port>/?"
"tls=true"
"&tlsCertificateKeyFile=<path to X.509 certificate>"
"&tlsCertificateKeyFilePassword=<X.509 certificate password>"
"&authMechanism=MONGODB-X509")
client = pymongo.AsyncMongoClient(uri)
To learn more about authenticating your application in PyMongo, see the following API documentation: