I'm trying to configure a Spring Boot web application to use TLS when making connections to a MongoDB instance, running in a Docker container.
I've configured the MongoDB instance in Docker to use a self-signed certificate, and require TLS. The configuration file for MongoDB (mongod.conf) looks like this:
net:
  bindIp: 0.0.0.0
  port: 27017
  tls:
    certificateKeyFile: /home/mongodb/ssl/my-self-signed-cert.pem
    mode: requireTLS
    allowConnectionsWithoutCertificates: true
...
I can connect to the instance with TLS using the Mongo connection string from the command line, getting the Mongo shell. However, I can't get my web application to connect to that same MongoDB instance over TLS.
To try testing the connection, I've tried creating a unit test that will access the DB. The Spring Boot magic causes the test to fail during setup. It seems like this is because autowiring in some of the dependencies (MongoTemplate, I think) seems to test the connection, which requires TLS and then fails.
To set up the TLS connection, I added the server's certificate to the Java truststore, using keytool. However, the connection still fails. I've tried specifying the location of a .jks file created with keytool, as well, in the application.yml file, like so:
...
javax:
  net:
    ssl:
      trustStore: src/main/resources/truststore/trustedcerts.jks
...
Ultimately, my question is: How can I configure TLS-secured connections to MongoDB from my Spring Boot app? Currently, we implement data access using MongoRepository and MongoTemplate.
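One way to wire the truststore into the driver, as an added example that is not part of the original post: `javax.net.ssl.trustStore` is a JVM system property read by JSSE, so a key of that name in application.yml is only a Spring property, and the sketch below instead builds an `SSLContext` from the JKS file and hands it to the MongoDB driver through Spring Boot's `MongoClientSettingsBuilderCustomizer`. The class name `MongoTlsConfig` and the `app.mongo.tls.*` property names are hypothetical, and the package shown assumes Spring Boot 2.x/3.x MongoDB auto-configuration with the Java sync driver.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.mongo.MongoClientSettingsBuilderCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

@Configuration
public class MongoTlsConfig { // hypothetical class name

    // Files under src/main/resources are packaged onto the classpath, so the
    // truststore is resolved as a classpath resource rather than a source path.
    // Both property names are assumptions made for this example.
    @Bean
    public MongoClientSettingsBuilderCustomizer mongoTlsCustomizer(
            @Value("${app.mongo.tls.trust-store:classpath:truststore/trustedcerts.jks}")
            Resource trustStore,
            @Value("${app.mongo.tls.trust-store-password}")
            String trustStorePassword) throws Exception {

        // Load the JKS file that holds the server's self-signed certificate.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = trustStore.getInputStream()) {
            keyStore.load(in, trustStorePassword.toCharArray());
        }

        // Trust only the certificates in that store for this client.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        // No client key material: mongod.conf above sets
        // allowConnectionsWithoutCertificates: true.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);

        // Hostname verification is left at the driver default (enabled).
        return builder -> builder.applyToSslSettings(
                ssl -> ssl.enabled(true).context(sslContext));
    }
}
```

Because hostname verification stays on, the self-signed certificate needs a subject alternative name matching the host used in the connection string (for example the Docker service name or `localhost`).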