How do I configure SSL on server?

I have setup my own mongoDB and enabled authorization that’s hosted on an external server.
Which i can now connect to my DB using mongo Compass while mongoDB is:
bindIp :
But not any other things else.
Then I found this thread :
Stating that there’s a misconception on bindIp. Which it does not listen to remote ip that wants to connect, but listen to only local network. In order to connect to my mongoDB with a remote ip while not opening all my port to public ( i need to set up a SSL connection.

Now here’s the problem. How do i setup SSL connection ? I took the class M301 and know about X.509 but still have no clue how to connect via SSL.
I would like to connect through something like with the connection string of:
mongod://:@XXX.XX.XX.XXX:XXXXX/?ssl=true <<<<
If X.509 is the method, how do i work with pem key ? how do i sign one ? how do i use client key in mongo compass?