Create an X.509 Certificate for a User

Create a new Atlas-managed X.509 certificate for the specified database user.

Important

If you are managing your own Certificate Authority (CA) in Self-Managed X.509 mode, you must generate certificates for database users using your own CA.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Prerequisites

To generate an Atlas-managed certificate for a database user, that user must have an x509Type set to MANAGED.

Required Roles

You must have the Atlas admin role to use this endpoint.

Resource

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

POST /groups/{GROUP-ID}/databaseUsers/{USERNAME}/certs

Request

Path Parameters

| Name | Type | Necessity | Description |
|------|------|-----------|-------------|
| GROUP-ID | string | Required | Identifier for the Atlas project associated with the X.509 configuration. |
| USERNAME | string | Required | Username of the database user to create a certificate for. |

Query Parameters

The following query parameters are optional:

| Query Parameter | Type | Description | Default |
|-----------------|------|-------------|---------|
| pretty | boolean | Displays response in a prettyprint format. | false |
| envelope | boolean | Specifies whether or not to wrap the response in an envelope. | false |

Body Parameters

| Name | Type | Description | Default |
|------|------|-------------|---------|
| monthsUntilExpiration | number | A number of months that the created certificate is valid for before expiry, up to 24 months. | 3 |

Response

The response is a concatenated X.509 certificate and private key.

Example

Request

The following example creates and returns an X.509 certificate.

curl --request POST \
 --user "{publicApiKey}:{privateApiKey}" \
 --header "Content-Type: application/json" \
 --digest "https://cloud.mongodb.com/api/atlas/v1.0/groups/{groupId}/databaseUsers/{username}/certs?pretty=true" \
 --data '{"monthsUntilExpiration":12}'

Response

The following partial example shows an X.509 certificate and private key returned:

-----BEGIN CERTIFICATE-----
MIIFCTCCAvGgAwIBAgIIbbbwIuB41jMwDQYJKoZIhvcNAQELBQAwSTEhMB8GA1UE
...
RU6XlZVzscjSFPjuXfGcprc+cXH2bXQ4tfH3KFOPETdHfWtxe7F1nq4zPwgQ
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC8kbepjB1PB62e
...
q0cjL/n1kRCfS5lJTsu7XkYDy6reEQ==
-----END PRIVATE KEY-----
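
Because the response carries the user's private key together with the certificate, it should land on disk readable by its owner only, and anything that is not a certificate plus key should never be saved as one. The following is an added example, not part of the Atlas documentation: `save_atlas_pem`, `count_pem_blocks` and `constructed_response` are hypothetical names, and the sample data is constructed rather than a real certificate or key.

```shell
#!/bin/sh
# Added example, not Atlas code. Pipe the response of the request shown
# above into save_atlas_pem; all function names here are hypothetical.

# Print how many "-----BEGIN <label>-----" lines a file contains.
count_pem_blocks() {
    grep -c -- "^-----BEGIN $1-----\$" "$2" || true
}

# Read the API response on stdin and write it to $1 only if it holds exactly
# one certificate and one private key. The file is never group/world readable.
save_atlas_pem() {
    dest=$1
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp "${dest}.XXXXXX") || { umask "$old_umask"; return 1; }
    umask "$old_umask"
    cat > "$tmp"
    certs=$(count_pem_blocks CERTIFICATE "$tmp")
    keys=$(count_pem_blocks "PRIVATE KEY" "$tmp")
    ends=$(grep -E -c -- '^-----END (CERTIFICATE|PRIVATE KEY)-----$' "$tmp" || true)
    if [ "$certs" -ne 1 ] || [ "$keys" -ne 1 ] || [ "$ends" -ne 2 ]; then
        rm -f "$tmp"   # for example an error body instead of PEM data
        echo "save_atlas_pem: not one certificate plus one private key" >&2
        return 1
    fi
    chmod 600 "$tmp"
    mv -f "$tmp" "$dest"   # rename within the same directory
}

# Constructed sample with the same layout as the response above.
# The base64 lines are placeholder text, not a real certificate or key.
constructed_response() {
    cat <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIENFUlQ=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExFIEtFWQ==
-----END PRIVATE KEY-----
EOF
}
```

The check only confirms the PEM framing; it does not parse the certificate or match it against the key.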