If you have
Read the below article to set SSL on server side:
- https://docs.mongodb.com/manual/tutorial/configure-ssl/
Now in order to set
- https://api.mongodb.com/python/current/examples/tls.html
#mongodb #ssl #tls #pymongo
mongoDB as your database and you query on DB from an external network, make sure you have SSL in place. By not using SSL everyone can evesdrop on the network data which is transmitted in between.Read the below article to set SSL on server side:
- https://docs.mongodb.com/manual/tutorial/configure-ssl/
Now in order to set
SSL=True in mongo python driver head over to link below to read more on:- https://api.mongodb.com/python/current/examples/tls.html
#mongodb #ssl #tls #pymongo
Mongodb
Configure mongod and mongos for TLS/SSL - Database Manual v8.0 - MongoDB Docs
Configure MongoDB instances for TLS or SSL encryption using native OS libraries. Ensure strong ciphers with a minimum 128-bit key length for secure connections.
A couple days ago we talked about MongoDB that uses TLS/SSL to encrypt the communication with clients connecting to it (like pyMongo). Now if you want to test MongoDB with self-signed certificate you can generate one with the command below:
This operation generates a new, self-signed certificate with no passphrase that is valid for 365 days. Once you have the certificate, concatenate the certificate and private key to a .pem file, as in the following example:
If using the YAML configuration file format, include the following configuration in the file:
#mongodb #ssl #tls #pem #openssl
cd /etc/ssl/
openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
This operation generates a new, self-signed certificate with no passphrase that is valid for 365 days. Once you have the certificate, concatenate the certificate and private key to a .pem file, as in the following example:
cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
If using the YAML configuration file format, include the following configuration in the file:
net:
ssl:
mode: requireSSL
PEMKeyFile: /etc/ssl/mongodb.pem
NOTE: instead of requireSSL you can use preferSSL to not force the requirement. It depends on the requirements and network topolgy.#mongodb #ssl #tls #pem #openssl
Why Axigen Mail Server log gives the error of
It is suggest to leave this behaviour as is, but in case there is an exception that you want to send mail to that mail server you need to ignore TLS for the target. In order to do so login to
1- Navigate to Security & Filtering -> Acceptance & Routing -> Advanced Settings
2- Click the
3- Write a suggestive name for the rule like
4- In the
- Recipient -> Domain -> add the condition -> select 'Is' from the combo box -> write Name_of_the_domain (example.com) in the combo box.
- Delivery -> Relaying mail -> click add the condition
5- Select at the top of the
6- in the
Now click
#mailserver #axigen #TLS #STARTTLS
Unable to perform STARTTLS and how to solve it?Axigen by default initiate a TLS connection with the target mail server. When the target mail server does not accept TLS, Axigen will mark the mail message as Relay error with the error of Unable to perform STARTTLS.It is suggest to leave this behaviour as is, but in case there is an exception that you want to send mail to that mail server you need to ignore TLS for the target. In order to do so login to
Axigen webadmin interface and:1- Navigate to Security & Filtering -> Acceptance & Routing -> Advanced Settings
2- Click the
Add Acceptance / Routing Rule button3- Write a suggestive name for the rule like
disable_tls_example_com4- In the
Conditions section add the following two conditions:- Recipient -> Domain -> add the condition -> select 'Is' from the combo box -> write Name_of_the_domain (example.com) in the combo box.
- Delivery -> Relaying mail -> click add the condition
5- Select at the top of the
Conditions section For incoming messages that match -> ALL of the conditions below (instead of the default `ANY of the conditions below`)6- in the
Actions section select Settings -> Allow StartTLS -> add the action. DO NOT tick the check-box next to Allow StartTLS.Now click
SAVE CONFIGURATION button. Your're done and you should see something like below in your axigen log file:Set recipient <[email protected]> state to SENT
#mailserver #axigen #TLS #STARTTLS