Docs Menu
Docs Home
/
MongoDB Compass
/
Connect
/
Advanced Options

TLS / SSL Connection Tab

On this page

  • Procedure
  • Example

The TLS / SSL tab allows you to connect deployments with TLS / SSL. For more information on TLS / SSL, see TLS Options

Note

If you connect to an Atlas cluster with the standard connection string format, you must enable TLS/SSL.

Procedure

1

Open the New Connection modal.

In the bottom panel of the Connections Sidebar, click Add New Connection to open the New Connection modal.

If you already have connections listed in the Connections Sidebar, click the icon on the top right of the sidebar to open the New Connection modal.

2

Click Advanced Connection Options.

New Advanced Connection Options
click to enlarge
3

Click the TLS / SSL tab.

You can leave TLS unset with the Default option or set the TLS / SSL connection On or Off.

Option
Description

Default

The Default option leaves the TLS option unset. The Default / unset TLS /SSL option is enabled when using a DNS seedlist (SRV) in the connection string. To learn more about the additional options available, see Additional TLS / SSL Options.

On

Select the On option when using a DNS seedlist (SRV) in the connection string. When TLS / SSL Connection is On, you can specify additional certificate options for your connection string. To see more on the additional certificate options available, see Additional TLS / SSL Options.

Off

The Off option initiates a connection without TLS / SSL.

Enable TLS / SSL to avoid security vulnerabilities.

Additional TLS / SSL Options

When TLS is On you can specify the following:

Option
Description

Certificate Authority

One or more certificate files from trusted Certificate Authorities to validate the certificate provided by the deployment.

Client Certificate

Specifies the location of a local .pem file that contains either the client's TLS/SSL X.509 certificate or the client's TLS/SSL certificate and key.

Client Key Password

If the Client Private Key is protected with a password, you must provide the password.

tlsInsecure

Disables various certificate validations.

tlsAllowInvalidHostnames

Disables hostname validation of the certificate presented by the the deployment.

tlsAllowInvalidCertificates

Disable the validation of the server certificates.

Warning

Enabling tlsInsecure, tlsAllowInvalidHostnames, and tlsAllowInvalidCertificates may cause a security vulnerabilty.

4

(Optional) For advanced connection configuration options, click the Advanced tab.

5

Click Connect.

Tip

See also:

To disconnect from your deployment, see Disconnect from MongoDB.

Example

The following example specifies a connection with TLS/SSL enabled in the TLS / SSL tab. This connection uses X.509 authentication which requires a client certificate.

Screenshot of Compass configured to connect to an example cluster with TLS/SSL
click to enlarge

1

Back

Authentication

Next

Proxy/SSH

On this page