Hi, @pierre-luc_des,
Microsoft introduced support for PEM files in .NET 5. The .NET/C# Driver currently supports .NET Standard 2.1 (used by .NET Core 3.X), .NET 6, and .NET Framework 4.7.2+. We could support it in our .NET 6 target, but have not done this work yet. You can follow and vote on CSHARP-4336.
Even with support for PEM files, Microsoft’s SslStream class does not support user-supplied CAs. It is for this reason that the .NET/C# Driver ignores tlsCAFile. You can supply a client x.509 certificate but you cannot supply an alternate CA cert. You have to install the CA as a trusted root CA for your operating system.
MongoDB Atlas uses x.509 certificates issued by Let’s Encrypt and Google Trust Services and most application environments already trust these CAs. AWS DocumentDB is not a MongoDB-supported product and you will have to contact Amazon Support for recommendations on how to install the needed CA into your trust store.
Sincerely,
James