Docs Home / Compass / Connect / Advanced Options

TLS / SSL Connection Tab连接选项卡

The TLS / SSL tab allows you to connect deployments with TLS / SSL. For more information on TLS / SSL, see TLS Options“TLS/SSL”选项卡允许您使用TLS/SSL连接部署。有关TLS/SSL的更多信息,请参阅TLS选项

Note

If you connect to an Atlas cluster with the standard connection string format, you must enable TLS/SSL.如果使用标准连接字符串格式连接到Atlas集群,则必须启用TLS/SSL。

Procedure过程

1

Open the New Connection modal.打开“新建连接”模式。

In the bottom panel of the Connections Sidebar, click Add New Connection to open the New Connection modal.在“连接”侧栏的底部面板中,单击“添加新连接”以打开“新建连接”模式。

If you already have connections listed in the Connections Sidebar, click the icon on the top right of the sidebar to open the New Connection modal.如果您已经在“连接”侧边栏中列出了连接,请单击侧边栏右上角的图标以打开“新连接”模式。

2

Click Advanced Connection Options.单击“高级连接选项”。

New Advanced Connection Options
3

Click the TLS / SSL tab.单击“TLS/SSL”选项卡。

You can leave TLS unset with the Default option or set the TLS / SSL connection On or Off.您可以使用Default选项不设置TLS,也可以将TLS/SSL连接设置为on(打开)或off(关闭)。

Option选项Description描述
DefaultThe Default option leaves the TLS option unset. The Default / unset TLS /SSL option is enabled when using a DNS seedlist (SRV) in the connection string. Default选项未设置TLS选项。在连接字符串中使用DNS种子列表(SRV)时,启用Default / unset(默认/未设置)TLS/SSL选项。To learn more about the additional options available, see Additional TLS / SSL Options.要了解更多可用的其他选项,请参阅其他TLS/SSL选项
OnSelect the On option when using a DNS seedlist (SRV) in the connection string. When TLS / SSL Connection is On, you can specify additional certificate options for your connection string. 在连接字符串中使用DNS种子列表(SRV)时,选择On选项。当TLS/SSL连接是On时,您可以为连接字符串指定其他证书选项。To see more on the additional certificate options available, see Additional TLS / SSL Options.要查看更多可用的其他证书选项,请参阅其他TLS/SSL选项
Off

The Off option initiates a connection without TLS / SSL.Off选项启动没有TLS/SSL的连接。

Enable TLS / SSL to avoid security vulnerabilities.启用TLS/SSL以避免安全漏洞。

Additional TLS / SSL Options其他TLS/SSL选项

When TLS is On you can specify the following:当TLS是On时,您可以指定以下内容:

Option选项Description描述
Certificate Authority(证书颁发机构)One or more certificate files from trusted Certificate Authorities to validate the certificate provided by the deployment.来自受信任的证书颁发机构的一个或多个证书文件,用于验证部署提供的证书。
Client Certificate(客户端证书)Specifies the location of a local .pem file that contains either the client's TLS/SSL X.509 certificate or the client's TLS/SSL certificate and key.指定本地.pem文件的位置,该文件包含客户端的TLS/SSL X.509证书或客户端的TLS/SSL证书和键。
Client Key Password(客户端键密钥)If the Client Private Key is protected with a password, you must provide the password.如果“客户端私钥”受密码保护,则必须提供密码。
tlsInsecureDisables various certificate validations.禁用各种证书验证。
tlsAllowInvalidHostnamesDisables hostname validation of the certificate presented by the the deployment.禁用部署提供的证书的主机名验证。
tlsAllowInvalidCertificatesDisable the validation of the server certificates.禁用服务器证书的验证。

Warning

Enabling tlsInsecure, tlsAllowInvalidHostnames, and tlsAllowInvalidCertificates may cause a security vulnerabilty.启用tlsInsecuretlsAllowInvalidHostnamestlsAllowValidCertificates可能会导致安全漏洞。

4

(Optional) For advanced connection configuration options, click the Advanced tab.(可选)有关高级连接配置选项,请单击“高级”选项卡。

5

Click Connect.单击“连接”。

Tip

To disconnect from your deployment, see Disconnect from MongoDB.要断开与部署的连接,请参阅断开与MongoDB的连接

Example示例

The following example specifies a connection with TLS/SSL enabled in the TLS / SSL tab. This connection uses X.509 authentication which requires a client certificate.以下示例指定了在“TLS/SSL”选项卡中启用TLS/SSL的连接。此连接使用需要客户端证书的X.509身份验证。

Screenshot of Compass configured to connect to an example cluster with TLS/SSL

1