More security? MongoDB has that – How to disable TLS 1.0 and 1.1 for MongoDB


Afternoon Readers,

Today’s topic discussion will be sort of short. It’s a good one though, so sit tight. Today’s topic is setting TLS protocols for MongoDB. Yep! Ties right into my previous blog which you can find right HERE. With the update of MongoDB to 3.6.14, we allow for TLS 1.0 and TLS 1.1 to be turned off. What I mean is, you can tell MongoDB to disable TLS 1.0 and 1.1 from being used and Syracuse will comply with this. You should also know that this will work with versions of Sage X3 where you can install MongoDB 3.6.14. You can see how to update to MongoDB 3.6.14 by checking out my recent blog post HERE. Note it does not cover replicaSets; that’s coming in a future blog post.

I am going to use Sage X3 Version 12 for my demonstrations and screenshots. You can use any version of Sage X3 that is compatible with MongoDB 3.6.14. You will need to be able to find the MongoDB install directory and have administrator rights to make the edits. The other thing you will have to be able to do is start and stop services, specifically the MongoDB service and the Syracuse service. If you’re lucky enough, they should both be on the same server. If you have more than one Syracuse server, you will have to stop the services on all of them. Same goes for replicaSets for MongoDB. Also, if you have a replicaSet you will have to make the changes in the mongodb.conf files of the main host and all secondary hosts.

And away we go…

First step is to shut down (stop) all Syracuse and MongoDB services.

Once all the services are stopped, we can begin the changes. You will need to navigate to MongoDB’s install directory and locate the mongodb.conf file. It is typically stored in a folder called config in the main directory of MongoDB.

Example location:

 

You can then open the conf file with any text editor application like Notepad++ (which I prefer). gEdit is another good application (which is also free). The contents of the file should have the same information as mine. Your exact format may vary depending on how MongoDB was updated to 3.6.14. New installs vs. updated installs may appear different.

Example:

We are then going to focus on the “net:” section of the conf file because this is where we are going to be making our changes. The blue box is where we are going to add the new syntax.

 

We are going to add the following: disabledProtocols: TLS1_0,TLS1_1 to the conf file in the “net:” section as shown below. Also, make sure it is written exactly as I have posted it. It must include the underscores and spaces. If you have a replicaSet you will have to manually add this to the mongodb.conf file on each of the secondary hosts.

Here is a copy/paste version as well:

net:
    bindIpAll: true
    port: 27017
    wireObjectCheck: true
    ipv6: false
    ssl:
        mode: requireSSL
        PEMKeyFile: "C:\\Sage\\SafeX3\\MongoDB\\certs\\x3erpv12vm.pem"  ## Example directories
        PEMKeyPassword: "  "  ## Purposely removed the password. Sneaky sneaky
        CAFile: "C:\\Sage\\SafeX3\\MongoDB\\certs\\ca.cacrt"  ## Example directories
        disabledProtocols: TLS1_0,TLS1_1

 

Once this is done, you can save and exit the conf file. Then go back to services and start the MongoDB (first) and Syracuse (second) services. If everything goes well, starting the services and getting the node processes to run should be pretty quick. You can check Windows Task Manager to see if the node processes started or just wait a few minutes and try to sign into Sage X3.

 

Services started:

Nodes generated (and running):

Able to log in and get no errors:

 

...And that’s all there is to it.

One gotcha to mention: if the MongoDB service fails to start or does not write to the log files, check the indentation of the TLS entry. It should be indented with a bunch of spaces and not with a TAB. Remember, SPACES not TABS.
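
An added example, not part of the original post or of any Sage tooling: a small Python check you can run over the text of a mongodb.conf before restarting the services. It flags TAB indentation and confirms that TLS1_0 and TLS1_1 are both listed under net.ssl.disabledProtocols. The function name check_mongod_conf and the sample paths are made up for illustration.

```python
import re

REQUIRED = {"TLS1_0", "TLS1_1"}  # the two protocols this post disables
KEY_LINE = re.compile(r"^( *)([A-Za-z0-9_]+)\s*:\s*(.*)$")

# Constructed sample modelled on the post's net: section (paths are made up).
SAMPLE = r'''
net:
    port: 27017
    ssl:
        mode: requireSSL
        PEMKeyFile : "C:\\MongoDB\\certs\\server.pem"  ##constructed path
        disabledProtocols: TLS1_0,TLS1_1
'''

def check_mongod_conf(text):
    """Return a list of problems in mongodb.conf text; an empty list means OK."""
    problems, stack, disabled = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        indent_ws = raw[: len(raw) - len(raw.lstrip())]
        if "\t" in indent_ws and raw.strip():
            problems.append(f"line {lineno}: TAB used for indentation, use spaces")
        # Expand tabs only so the rest of the file can still be inspected.
        m = KEY_LINE.match(raw.expandtabs(8))
        if not m:
            continue  # blank line, comment, or anything that is not a key
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections that are not parents of this key
        stack.append((indent, key))
        if [k for _, k in stack] == ["net", "ssl", "disabledProtocols"]:
            value = re.sub(r"\s+#.*$", "", value).strip("\"' ")
            disabled = {p.strip() for p in value.split(",") if p.strip()}
    if disabled is None:
        problems.append("net.ssl.disabledProtocols is not set")
    else:
        for proto in sorted(REQUIRED - disabled):
            problems.append(f"{proto} is not listed in net.ssl.disabledProtocols")
    return problems

if __name__ == "__main__":
    print(check_mongod_conf(SAMPLE) or "OK")
```

An entry placed directly under net: instead of under ssl: is reported as not set, because the check only accepts the nesting shown in the copy/paste version above.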

 

Good luck y’all. See ya next time.