Docs Menu
Docs Home
/
Languages
/
Python
/
PyMongo
/
Security
/
Authentication

X.509

On this page

  • Overview
  • Code Placeholders
  • Using X.509 Authentication in Your Application
  • API Documentation

Overview

In the X.509 authentication mechanism, the server and client use the TLS protocol to exchange X.509 public-key certificates. You can use this mechanism to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.

Tip

X.509 Mechanism

To learn how to use TLS/SSL with the PyMongo, see TLS/SSL.

For more information about X.509 certificates, see X.509 in the MongoDB Server manual.

Code Placeholders

The code examples on this page use the following placeholders:

  • +srv: Include this option in your connection string prefix only if you are connecting to a MongoDB Atlas cluster. To learn more about the +srv option, see Connection String Formats in the MongoDB Server manual.

  • <hostname>: The network address of your MongoDB deployment.

  • <port>: The port number of the MongoDB deployment. If you omit this parameter, the driver uses the default port number (27017). You don't need a port number when connecting to a MongoDB Atlas cluster.

  • <path to X.509 certificate>: The path to the X.509 certificate file.

  • <X.509 certificate password>: The password for the X.509 certificate.

To use the code examples on this page, replace these placeholders with your own values.

Important

Percent-Encoding

You must percent-encode a username and password before you include them in a MongoDB URI. The quote_plus() method, available in the urllib.parse module, is one way to perform this task. For example, calling quote_plus("and / or") returns the string and+%2F+or.

Don't percent-encode the username or password when passing them as arguments to MongoClient.

Using X.509 Authentication in Your Application

You can set these options in two ways: by passing arguments to the MongoClient constructor or through parameters in your connection string.

client = pymongo.MongoClient("mongodb[+srv]://<hostname>:<port>",
                             tls=True,
                             tlsCertificateKeyFile="<path to X.509 certificate>",
                             tlsCertificateKeyFilePassword="<X.509 certificate password>",
                             authMechanism="MONGODB-X509")
uri = ("mongodb[+srv]://<hostname>:<port>/?"
       "tls=true"
       "&tlsCertificateKeyFile=<path to X.509 certificate>"
       "&tlsCertificateKeyFilePassword=<X.509 certificate password>"
       "&authMechanism=MONGODB-X509")
client = pymongo.MongoClient(uri)

API Documentation

To learn more about authenticating your application in PyMongo, see the following API documentation:

Back

SCRAM

Next

AWS IAM