How do we create client certificate to get validated by aws document db?In aws docs https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html#connect_programmatically-tls_enabled, it is mentioned only about one way ssl i.e.,clients authenticating server certificate.I didn't find information regarding two way ssl supported by aws document db.Can anyone help on this?
Amazon DocumentDB does not support using client certificates to connect to your cluster. Are you looking for client-side certificates to be used by the server for authentication? Amazon DocumentDB only supports SCRAM based authentication.
Related
For GCP managed SQL databases: we want to enable SSL/TLS using a common client cert across all our GCP databases. From reviewing the official google docs (https://cloud.google.com/sql/docs/mysql/configure-ssl-instance), it seems the server certificate is not customizable and we require a different client certificate for each database instance.
Is there any solution where we can use a common client cert for multiple database instances?
I have one mongo db hosted in AWS atlas account and my application is running in AWS EC2 instance. I want to access my DB using my application by VPC peering but it always ask for username password which i think is not a good practice because for this i need to hardcode dummy credentials in properties file.
Is there any way I can do this without using dummy credentials. Can I do this using private endpoint? Please suggest best practice used in industry for mongodb atlas.
Authentication is orthogonal to your network topology (VPC).
Authentication in Atlas is required. You can try using x.509 or aws authentication instead of passwords.
Does AWS DocumentDB support authenticating clients with SSL?I've downloaded rds-combined-ca-bundle.pem and got rds-truststore.jks by following the aws link "https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html#connect_programmatically-tls_enabled".Specifying it in truststore,I can successfully connect to document db.
For two way ssl,I've created keystore using self-signed certificate following the link https://docs.mongodb.com/manual/appendix/security/appendixA-openssl-ca/. I'm able to connect to documentdb by specifying any keystore,even by specifying rds-truststore.jks in both truststore and keystore also.
Amazon DocumentDB doesn't support x509 certificate based authentication, only username/password authentication.
As the service is continually improving, stay tuned for new releases .
I'm having some mongodb connection securtity concerns for my env.
Here is my environment:
one ECS hosted on cloud that has a public IP but no domain and no ssl certificate neither.
installed mongodb service on this ECS that needs username/password to authenticate
only specific IPs in the whitelist can access the ECS/mongodb
I'm wondering if the data transfer between this mongodb and my local pc is safe or not?
Will the data be encrpyted during the transmission or just plain text so that everyone on the internet can catch and read it? (As I don't have https so it's not using TLS/SSL)
Can canyone explain the machanism or give some some doc links?
Thanks!
As your not using SSL, your data on fly is not encrypted. You need to use TLS/SSL to encrypt the network transmission. You must have the TLS/SSL certificates as PEM files, which are concatenated certificate containers
In addition to encrypting connections, TLS/SSL allows for authentication using certificates, both for client authentication and for internal authentication of members of replica sets and sharded clusters
I'm trying to connect to a postgres database on Google Cloud SQL from Safe FME, a GUI-based desktop application that can connect to postgres databases. It supports SSL but Google Cloud SQL apparently requires the use of "TLS Client Authentication" to connect: providing a specific client key and certificate that you download from the Google Cloud Platform dashboard.
Other hosted postgres providers let you connect simply by ticking the "Use SSL" checkbox. Is there a way to do this with Google Cloud SQL? I want a secure connection but it seems like a lot of software doesn't support the "TLS Client Authentication" way of connecting.
SSL protocols have been considered deprecated as of 2015 (source), so for the best security you should stick to TLS. (MySQL doesn't use SSL anymore for the reason - this is not specific to Cloud SQL). You can create a SSL/TLS cerificate for your Cloud SQL instance by following the instructions here.
If you have and outdated application that doesn't support a version of TLS that is compatible with Postgres, you can always use the Cloud SQL proxy to encrypt connections.