
Connecting to DocumentDB using SSL with the MongoDB C# driver

I have an AWS DocumentDB Cluster using TLS. I want to connect to it from my .net core application in C#, using the C# MongoDB Driver.

The connection-string given by AWS includes this part ?ssl_ca_certs=rds-combined-ca-bundle.pem, which is the certificate chain given by Amazon. I can connect to the database using this certificate with the MongoDB shell correctly.

My problem is that the MongoDB C# Driver doesn't support .pem files. It seems to only support .pfx files. I tried converting the .pem, but it lacks a private key. I can generate the .cer needed by the .pfx from the .pem, but not the private key. Even then, this solution seems sketchy and unofficial.

Is there a simple way to connect to DocumentDB using SSL with the MongoDB C# Driver? And if yes, what is the solution I should use?

David Gourde asked Feb 11 '19 17:02



1 Answer

Connection to Document DB with simple .Net console Application with SSL.

->First of all, enable SSL on your Document DB cluster by setting the parameter tls to 'enabled'. Make sure to reboot the writer node of your cluster to reboot the whole cluster in order to apply the parameter group changes. By default TLS is enabled when you launch a new Doc DB cluster.

->Set up SSL certificate on your environment:

1) Download the PKCS#7 SSL certificate on your source Windows machine from the below link:

https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.p7b

2) Click on the Start menu, click Run and type mmc.

3) In MMC, File->Add/Remove Snap-in.

4) Select Certificates from the list of snap-ins and click Add.

5) Trusted CA certificates should go in the Local Computer store, so choose the 'Computer Account' radio button, click Next and then choose 'Local Computer'. Click Next and then Finish.

6) Now from the left-hand pane (under Console Root), you will see the 'Certificates' option. Click on it.

7) A list will appear; right-click on 'Trusted Root Certification Authorities', then choose All Tasks->Import.

8) In the window that opens, click on Next, browse for the certificate (.p7b) file downloaded in Step 1 (if you can't find it, select All Files from the file type drop-down), then continue to click on Next and finally Finish. Then save the configuration.

->Then I wrote the below code:

---------------------------------------------------

using MongoDB.Bson;
using MongoDB.Driver;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
namespace FirstDocDB
{
    public class Program
    {
        public static void Main(string[] args)
        {
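            // ssl=true turns on TLS; sslVerifyCertificate=true keeps server certificate validation on,
            // which succeeds because the CA bundle was imported into the Windows trust store above.
            var connectionString = "mongodb://pulkit:password@ClusterID:27017/?ssl=true&sslVerifyCertificate=true&replicaSet=rs0";
            var client = new MongoClient(connectionString);
            var database = client.GetDatabase("test");
            // GetCollection is generic and needs the document type.
            var collection = database.GetCollection<BsonDocument>("stuff");
            // Fetch the first document in the collection and print it.
            var document = collection.Find(new BsonDocument()).FirstOrDefault();
            Console.WriteLine(document.ToString());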
        }
    }
}

---------------------------------------------------

->And after build and run, I was successfully able to get the document in the collection named “stuff” as output: { "_id" : ObjectId("5c5a63b10cf861158c1d241c"), "hello" : "world" }

Thus, after following the above steps, I was successfully able to connect to Document DB using Mongo driver for .Net.

Pulkit Agarwal answered Sep 27 '22 23:09

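
An alternative to the machine-wide import in the answer above, shown as an added example that is not part of the original question or answer: load the .pem bundle from the question and trust it for this one MongoDB connection only, so the Amazon CAs are not added to the Windows Trusted Root store for every application. It assumes .NET 5 or later and the MongoDB.Driver package; the class name, the bundle path and the connection-string placeholders are illustrative.

```csharp
// Added example (not from the original thread). Assumes .NET 5+ and MongoDB.Driver.
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Bson;
using MongoDB.Driver;

public static class DocDbPinnedTrust   // hypothetical name
{
    // Returns a validation callback that trusts only the CAs found in the PEM bundle.
    public static RemoteCertificateValidationCallback TrustOnly(string pemBundlePath)
    {
        var bundle = new X509Certificate2Collection();
        bundle.ImportFromPemFile(pemBundlePath);   // public CA certificates only, no private key needed

        return (sender, certificate, presentedChain, errors) =>
        {
            // Keep the platform's checks for a missing certificate and a host name mismatch.
            if (certificate is null ||
                (errors & (SslPolicyErrors.RemoteCertificateNotAvailable |
                           SslPolicyErrors.RemoteCertificateNameMismatch)) != 0)
                return false;

            using var chain = new X509Chain();
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;   // ignore the system store
            chain.ChainPolicy.CustomTrustStore.AddRange(bundle);
            // Assumption: no revocation check here; use Online if the CA's endpoints are reachable.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            if (presentedChain != null)
                foreach (var element in presentedChain.ChainElements)
                    chain.ChainPolicy.ExtraStore.Add(element.Certificate);      // intermediates sent by the server

            return chain.Build(new X509Certificate2(certificate));
        };
    }

    public static void Main()
    {
        // Placeholders: user, password and ClusterID, as in the answer's connection string.
        var settings = MongoClientSettings.FromConnectionString(
            "mongodb://user:password@ClusterID:27017/?ssl=true&replicaSet=rs0");
        settings.SslSettings = new SslSettings
        {
            ServerCertificateValidationCallback = TrustOnly("rds-combined-ca-bundle.pem")
        };
        var client = new MongoClient(settings);
        var collection = client.GetDatabase("test").GetCollection<BsonDocument>("stuff");
        var document = collection.Find(new BsonDocument()).FirstOrDefault();
        Console.WriteLine(document?.ToString() ?? "(no documents)");
    }
}
```

The callback returns false on any chain that does not end in a certificate from the bundle, so a server certificate issued by some other CA in the machine's root store is rejected for this connection.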