mongocli atlas dbuser certs create

On this page

Syntax

Options
Output
Example

This version of the documentation is archived and no longer supported. View the current documentation to learn how to upgrade your version of MongoCLI.

The dbuser certs create command creates an Atlas-managed X.509 certificate for the specified MongoDB database user who authenticates using X.509 certificates. You can also create an Atlas-managed X.509 certificate for a MongoDB database user through the Atlas UI or API.

Important

You cannot use the dbuser certs create command to list certificates for MongoDB database users if

You are managing your own Certificate Authority (CA) in Self-Managed X.509 mode. You must generate certificates for database users using your own CA.
The user you specify does not authenticate using X.509 certificates.

Syntax

mongocli atlas dbuser certs create
     [ --monthsUntilExpiration <number of months until certificate expires> ]
     [ --output|-o <output-format> ]
     [ --profile|-P <profile-name> ]
     [ --projectId <project-ID> ]
     --username <name-of-user>

Note

Use -h or --help to view the command-line help for this command.

Options

Option	Type	Description	Required?
`--monthsUntilExpiration`	integer	Months until the X.509 certificate expires. Maximum value is `24`. Defaults to `3`.	no
`--output`, `-o`	string	Command output format. Valid values are: `json` for output in JSON format `go-template` for custom output using the Go template `go-template-file` for custom output specified using Go template file If omitted, the command returns output in the default format.	no
`--profile`, `-P`	string	Name of the profile where the public and private keys for the project are saved. If omitted, uses the default profile. To learn more about creating a profile, see Configure the MongoDB CLI.	no
`--projectId`	string	Unique identifier of the project. If omitted, uses the project ID in the profile or environment variable.	no
`--username`	string	Username for whom you want to create a X.509 certificate.	yes

Output

The command prints the following fields in the specified format to the terminal if the command succeeds. If the command prints an error, see Troubleshooting for recommended solutions.

Field	Description
`certificate`	The PEM-encoded X.509 certificate that Atlas created for the user.
`monthsUntilExpiration`	Months until the X.509 certificate expires. Maximum value is `24`. Defaults to `3`.
`username`	Username for whom Atlas generated the x.509 certificate.

Example

The following example uses the mongocli atlas dbuser certs create command to create an Atlas-managed X.509 certificate for a MongoDB database user dbuser. It uses the default profile to access Atlas and generate the X.509 certificate.

mongocli atlas dbuser certs create --username dbuser --output json
--monthsUntilExpiration 3 --projectId 5e2211c17a3e5a48f5497de3

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

{
  "username": "dbuser",
  "monthsUntilExpiration": 3,
  "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
}

Back

List Atlas-Managed X.509 Certificates Created for a Database User

Data Lakes