For AI agents: a documentation index is available at https://www.mongodb.com/docs/llms.txt — markdown versions of all pages are available by appending .md to any URL path.
Docs Menu

X.509 Authentication Mechanism

In the X.509 authentication mechanism, the server and client use the TLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.

Tip

X.509 Mechanism

To learn how to use TLS/SSL with the Go driver, see the Enable TLS on a Connection guide.

For more information about X.509 certificates, see Use x.509 Certificates to Authenticate Clients on Self-Managed Deployments in the MongoDB Server manual.

The code examples on this page use the following placeholders:

  • hostname: Your MongoDB servers network address, accessible by your client

  • port: Your MongoDB servers port number

  • cafile_path: The path to your CA File for your connection string

  • client_certificate_path: The path to your client certificate file or the client private key file

To specify the X.509 authentication mechanism, perform the following:

  • Assign the tlsCAFile the path to its file in the connection string

  • Assign the tlsCertificateKeyFile the path to its file in the connection string

  • Assign the AuthMechanism option the value "MONGODB-X509"

The following code example shows how to specify the X.509 authentication mechanism:

caFilePath := "<cafile_path>"
certificateKeyFilePath := "<client_certificate_path>"
uri := "mongodb://<hostname>:<port>/?tlsCAFile=%s&tlsCertificateKeyFile=%s"
uri = fmt.Sprintf(uri, caFilePath, certificateKeyFilePath)
credential := options.Credential{
AuthMechanism: "MONGODB-X509",
}
clientOpts := options.Client().ApplyURI(uri).SetAuth(credential)

To learn more about any of the methods or types discussed on this page, see the following API documentation: