
Create an X.509 Certificate for a User

Create a new Atlas-managed X.509 certificate for the specified database user.

Important

If you are managing your own Certificate Authority (CA) in Self-Managed X.509 mode, you must generate certificates for database users using your own CA.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

To generate an Atlas-managed certificate for a database user, that user must have an x509Type set to MANAGED.

You must have the Atlas admin role to use this endpoint.

https://cloud.mongodb.com/api/atlas/v1.0

POST /groups/{GROUP-ID}/databaseUsers/{USERNAME}/certs

| Name | Type | Necessity | Description |
|---|---|---|---|
| GROUP-ID | string | Required | Identifier for the Atlas project associated with the X.509 configuration. |
| USERNAME | string | Required | Username of the database user to create a certificate for. |

The following query parameters are optional:

| Query Parameter | Type | Description | Default |
|---|---|---|---|
| pretty | boolean | Displays response in a prettyprint format. | false |
| envelope | boolean | Specifies whether or not to wrap the response in an envelope. | false |

| Name | Type | Description | Default |
|---|---|---|---|
| monthsUntilExpiration | number | A number of months that the created certificate is valid for before expiry, up to 24 months. | 3 |

The response is a concatenated X.509 certificate and private key.

The following example creates and returns an X.509 certificate.

curl --request POST \
--user "{publicApiKey}:{privateApiKey}" \
--header "Content-Type: application/json" \
--digest "https://cloud.mongodb.com/api/atlas/v1.0/groups/{groupId}/databaseUsers/{username}/certs?pretty=true" \
--data '{"monthsUntilExpiration":12}'

The following partial example shows an X.509 certificate and private key returned:

-----BEGIN CERTIFICATE-----
MIIFCTCCAvGgAwIBAgIIbbbwIuB41jMwDQYJKoZIhvcNAQELBQAwSTEhMB8GA1UE
...
RU6XlZVzscjSFPjuXfGcprc+cXH2bXQ4tfH3KFOPETdHfWtxe7F1nq4zPwgQ
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC8kbepjB1PB62e
...
q0cjL/n1kRCfS5lJTsu7XkYDy6reEQ==
-----END PRIVATE KEY-----
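
Because the response body contains the user's private key, it is best written straight to a file that only the owner can read rather than printed to the terminal. The following is an added example, not part of the Atlas documentation: a shell function (the name `save_atlas_cert` and the output path are assumptions) that takes the response on stdin, checks that it holds exactly one certificate and one private key, and stores it with mode 0600.

```shell
# Added example. Usage (placeholders as in the curl example above):
#   curl ... --data '{"monthsUntilExpiration":12}' | save_atlas_cert ./atlas-user.pem
save_atlas_cert() {
    out=$1
    [ -n "$out" ] || { echo "usage: save_atlas_cert <outfile>" >&2; return 2; }
    (
        umask 077                               # nothing created here is group/world readable
        tmp=$(mktemp "${out}.XXXXXX") || exit 1 # temp file in the same directory as the target
        trap 'rm -f "$tmp"' EXIT                # never leave key material behind on failure
        chmod 600 "$tmp"
        cat > "$tmp"                            # response body arrives on stdin

        # The endpoint returns one certificate followed by one private key.
        # Anything else (an error body, a truncated download) is rejected.
        for marker in 'BEGIN CERTIFICATE' 'END CERTIFICATE' \
                      'BEGIN PRIVATE KEY' 'END PRIVATE KEY'; do
            n=$(grep -c -e "^-----${marker}-----" "$tmp" || true)
            [ "$n" = "1" ] || {
                echo "save_atlas_cert: expected exactly one '${marker}' line, found ${n}" >&2
                exit 1
            }
        done

        mv "$tmp" "$out"                        # rename keeps the 0600 mode
    )
}
```

If validation fails, the function returns non-zero and the target file is not created.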