Question about X.509 / lecture

I am now trying to review the lectures concerning X.509 inside the M310 course. And I have one question.

It concerns a comment made at time 0:45~0:55 of the Lecture: Enabling X.509.

One can hear:
“Each of these containing both the public certificate and the corresponding private key”.

The same kind of comment is made again at time 1:48~1:53.

Shouldn’t it be “the corresponding public key”?

Also at time 2:50, we have this command on the screen:
mongo --ssl --sslPEMKeyFile client.pem --sslCAFile ca.pem

meaning that the file client.pem is sent to the server.

In other words the private key (inside client.pem) is sent to the server. This seems to be in contradiction with what I know about the handling of a private key, as well as what I understand about what a certificate is.
The top rule being that “a private key should never be shared”.

Please explain. Am I missing something or is it an error in the comment?

Hi @Michel_Bouchet,

I would recommend that you go through the following documentation link:

We can then discuss any questions that you might have about the concept.

Kind Regards,

Thanks. The document you mention is certainly full of information and very interesting.
But as far as I can read it does not refer to private or public keys.

So my question is still valid.

Hi @Michel_Bouchet,

The server.pem file specified in the --sslPEMKeyFile option contains both the TLS/SSL certificate and key.
The ca.pem file specified in the --sslCAFile option contains the root certificate chain from the Certificate Authority.

Check the following documentation links to understand how to configure your server with TLS/SSL connections and how clients can connect to these mongod/mongos instances.

Please feel free to reach out if you have any questions about the specific keys/certificates.

Kind Regards,
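
An added example, not part of the original thread or of the course material: a file passed to --sslPEMKeyFile is read locally, and in a TLS handshake only the certificate blocks are presented to the peer, while the private key stays on the local machine and is used to prove possession of it. The sketch below splits such a bundle and reports which blocks fall on each side; the function names and the sample bundle are hypothetical and the sample holds placeholder bytes, not real key material.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def make_block(label, payload):
    """Build a constructed PEM block (placeholder bytes, not real DER)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed stand-in for client.pem: a certificate followed by its key.
SAMPLE_CLIENT_PEM = (
    make_block("CERTIFICATE", b"constructed placeholder certificate")
    + make_block("PRIVATE KEY", b"constructed placeholder private key")
)

def split_pem(text):
    """Return [(label, decoded_bytes)] for every PEM block, in file order."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # validate=True rejects bodies that contain non-base64 characters.
        data = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, data))
    return blocks

def classify(text):
    """Separate what the handshake presents to the peer from what stays local."""
    result = {"presented_to_peer": [], "kept_local": [], "other": []}
    for label, _data in split_pem(text):
        if label.endswith("PRIVATE KEY"):   # also RSA/EC/ENCRYPTED PRIVATE KEY
            result["kept_local"].append(label)
        elif label == "CERTIFICATE":
            result["presented_to_peer"].append(label)
        else:                               # e.g. EC PARAMETERS
            result["other"].append(label)
    if not result["presented_to_peer"] or not result["kept_local"]:
        raise ValueError("expected both a certificate and a private key")
    return result

if __name__ == "__main__":
    print(classify(SAMPLE_CLIENT_PEM))
```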

Thank you for the reply … though it does not exactly answer my question.