
We have a MongoDB deployment currently in our test environment. We have a 7 member Replica Set and no Arbiter.

We want to make the data replication between the replica set members secure.
We don't want to configure SSL for the clients to our MongoDB cluster, as the communication from the client to this MongoDB cluster is via Stunnel. So the client doesn't need to use SSL to connect.

Just curious to see if this is possible, i.e. configure only the data being replicated between replica set members to be secure, but not the actual communication from the client to this MongoDB cluster.

Thanks much



I've not tried this personally but I do believe you can do this. In addition to compiling MongoDB with SSL, or purchasing one of the MongoDB subscriptions that support SSL, you will need to run with the following option:


set to preferSSL. This will use SSL for inter-server communications but allow both SSL and non-SSL for other connections:

That of course is all in addition to the other configuration settings required for running with SSL:

Note that this is new for version 2.6. I don't have a version of MongoDB compiled with SSL support so it's not been tested by me.


@DurgaDeep in MongoDB v2.6 you can run the MongoDB instance in mixed mode SSL while also specifying the x509 certificates for the cluster members to authenticate each other. Please note that SSL is not part of the default community build and you may need to build the binary on your own if you are using the community build. x509 certificates are only available on subscription builds, so that will not work for you if you are using a community build.

The easiest option to achieve what you want to do, irrespective of the MongoDB version, would be to set up stunnel between the replica-set nodes and let it take care of the encrypted channel independently. This is the usual route taken by a lot of applications which do not have SSL embedded as an option.
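
The mixed-mode setup both answers describe, written out as an added example that is not from either answer: a MongoDB 2.6 YAML configuration for one replica set member. The file paths, the port and the replica set name `rs0` are constructed placeholders, and the key file for member authentication is an assumption chosen because it does not depend on x509 support.

```yaml
# mongod.conf for one replica set member (MongoDB 2.6 YAML format).
# Constructed sample: paths, port and replica set name are placeholders.
net:
  port: 27017
  ssl:
    # preferSSL: this member uses SSL when it connects to other members,
    # and still accepts both SSL and non-SSL incoming connections, so a
    # client arriving in plaintext from a local stunnel keeps working.
    mode: preferSSL
    # Certificate and private key this member presents (one PEM file).
    PEMKeyFile: /etc/mongodb/ssl/member1.pem
    # CA used to validate the certificates presented by other members.
    # Without it the peer certificate is not validated, so the link is
    # encrypted but the peer is not authenticated by its certificate.
    CAFile: /etc/mongodb/ssl/ca.pem
replication:
  replSetName: rs0
security:
  # Members authenticate to each other with a shared key file
  # (assumption: keyfile authentication rather than x509).
  keyFile: /etc/mongodb/keyfile
```

Because `preferSSL` leaves the plaintext path open on the same port, network filtering should limit non-member access to the hosts that run the client-side stunnel.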

Licensed under: CC-BY-SA with attribution