Docs Menu
Docs Home
/
Spark Connector

Configure TLS/SSL

On this page

  • Overview
  • Create a JVM Trust Store
  • Create a JVM Key Store
  • Enable TLS/SSL
  • Configure Access to Certificate Stores
  • Set the Properties in Your Spark Configuration File
  • Set the Properties From the Command Line

In this guide, you can learn how to configure TLS/SSL to secure communications between the MongoDB Spark Connector and your MongoDB deployment.

To use TLS/SSL, your application and each of your Spark workers must have access to cryptographic certificates that prove their identity. Store the certificates in your JVM trust store and your JVM key store. You can configure access to these certificates through your Spark configuration file, or when launching a Spark job from the command line.

The JVM trust store saves certificates that securely identify other applications with which your application interacts. Using these certificates, your application can prove that the connection to another application is genuine and secure.

Create a trust store with the keytool command line tool provided as part of the JDK:

keytool -importcert -trustcacerts -file <path to certificate authority file>
-keystore <path to trust store> -storepass <password>

The JVM key store saves certificates that securely identify your application to other applications. Using these certificates, other applications can prove that the connection to your application is genuine and secure.

Create a key store by using the keytool, or openssl command line tools.

You can enable TLS/SSL for the connection to your MongoDB instance through the tls parameter in your connection URI.

The following example shows a connection URI with the tls option assigned to true to enable TLS/SSL:

"mongodb+srv://<username>:<password>@<cluster-url>?tls=true"

For more information about creating a connection string, see the Connection String guide on the server manual.

To configure your Spark application to access the certificates stored in your JVM trust store and JVM key store, the following system properties must be set:

  • javax.net.ssl.trustStore

  • javax.net.ssl.trustStorePassword

  • javax.net.ssl.keyStore

  • javax.net.ssl.keyStorePassword

You can set the system properties in your Spark configuration file as follows:

spark.executor.extraJavaOptions=-Djavax.net.ssl.trustStore=<Path to your trust store> -Djavax.net.ssl.trustStorePassword=<Your trust store password> -Djavax.net.ssl.keyStore=<Path to your key store> -Djavax.net.ssl.keyStorePassword=<Your key store password>"
spark.driver.extraJavaOptions=-Djavax.net.ssl.trustStore=<Path to your trust store> -Djavax.net.ssl.trustStorePassword=<Your trust store password> -Djavax.net.ssl.keyStore=<Path to your key store> -Djavax.net.ssl.keyStorePassword=<Your key store password>"

You can set the system properties from the command line by adding them with the --conf flag when you submit a Spark job:

./bin/spark-submit --name "<Your app name>" \
--master "<Master URL>" \
--conf "spark.executor.extraJavaOptions=-Djavax.net.ssl.trustStore=<Path to your trust store> -Djavax.net.ssl.trustStorePassword=<Your trust store password> -Djavax.net.ssl.keyStore=<Path to your key store> -Djavax.net.ssl.keyStorePassword=<Your key store password>" \
sparkApplication.jar \
--conf "spark.driver.extraJavaOptions=-Djavax.net.ssl.trustStore=<Path to your trust store> -Djavax.net.ssl.trustStorePassword=<Your trust store password> -Djavax.net.ssl.keyStore=<Path to your key store> -Djavax.net.ssl.keyStorePassword=<Your key store password>" \
sparkApplication.jar

Back

Configuring Spark