Skip to content

Secure MongoDB ???? Für aktuelles Produkt umarbeiten ????


For security reasons, SEAL Systems strongly recommends configuring the TLS encryption and changing the token used for encrypting the credentials.


Configure the TLS Encryption

In order to secure the connection with MongoDB, you need a combined PEM file containing both the TLS certificate and the private key.

  1. Combine the file containing the certificate:

    C:\ProgramData\SEAL Systems\infrastructure\config\tls\cert.pem

    and the file containing the private key:

    C:\ProgramData\SEAL Systems\infrastructure\config\tls\key.pem

  2. Save the combined file as:

    C:\ProgramData\SEAL Systems\infrastructure\config\tls\cert-key-combined.pem


Specify the CA Certificate (If Available)

This step is only required if your certificate contains a CA certificate. If the certificate exists, it is checked for validity when the connection is established.

  1. Open the configuration file of MongoDB, C:\ProgramData\SEAL Systems\infrastructure\config\mongod.conf.

  2. Replace the following line:

    allowInvalidCertificates: true
    

    by the following line:

    CAFile: C:\ProgramData\SEAL Systems\infrastructure\config\tls\ca.pem
    
  3. Save the configuration file.

  4. Restart the seal-mongodb service.


Change the Token for Encrypting the Credentials

If you keep the standard installation, MongoDB is used as credential store. For security reasons, change the pre-configured token used for encrypting the credentials. The token may be any string.

  1. In the configuration of SEAL Print Client, specify the token with MONGO_TOKEN.

  2. Stop all SEAL Operator services.

  3. Delete the complete data directory of MongoDB, C:\ProgramData\SEAL Systems\infrastructure\data\seal-mongodb.

  4. Start the seal-mongodb service.

  5. Start the SEAL Operator services.


Back to top