Question about authenticating with X.509

In the lecture Enabling X.509, we see that we can authenticate within mongo shell, using this:

db.getSiblingDB("$external").auth({user: “…”, mechanism: “MONGODB-X509”})

But here is a question. Do we still have the option to use the -u option when firing up mongo shell?
I mean something like:

mongo admin --tls --host 127.0.0.1 --tlsCertificateKeyFile Client.cert --tlsCAFile RootCA.pem -u CN=127.0.0.1,O=ClientCA,ST=MA,C=US

Or some similar way.

As far as I have tried, it did not work. I was asked for a password and of course I have none. But there may be some trick that I don’t know. I hope somebody has the answer.

I was lucky enough to find the answer (while looking for something different) before anyone could reply. In case someone has the same question here is what one can use, and it works:

mongo --tls --host 127.0.0.1 --tlsCertificateKeyFile client.pem --tlsCAFile ca.pem --authenticationDatabase ‘$external’ --authenticationMechanism MONGODB-X509

2 Likes