How to disable TLS

This guide assumes that you have a Charmed MongoDB deployment with TLS enabled. See How to enable TLS for more information.

To disable TLS encryption, remove the relation between your MongoDB applications and the TLS provider on the endpoint specific to the peer-to-peer or client-to-server communication.

You can disable peer-to-peer encryption alone, client-to-server encryption alone, or both at the same time.

Disable TLS in a replica set

To disable TLS, simply remove the integration with the TLS provider.

Peer-to-peer

VM

juju remove-relation self-signed-certificates mongodb:peer-certificates

K8s

juju remove-relation self-signed-certificates mongodb-k8s:peer-certificates

You have successfully disabled peer-to-peer TLS encryption with for your replica set

Client-to-server

VM

juju remove-relation self-signed-certificates mongodb:client-certificates

K8s

juju remove-relation self-signed-certificates mongodb-k8s:client-certificates

You have successfully disabled client-to-server TLS encryption with for your replica set

Disable TLS in a sharded cluster

Remove the relations with the TLS provider, from all the cluster components.

In a cluster with two shards (named shard0 and shard1) and a config-server, it would look as follows:

Peer-to-peer

juju remove-relation self-signed-certificates config-server:peer-certificates
juju remove-relation self-signed-certificates shard0:peer-certificates
juju remove-relation self-signed-certificates shard1:peer-certificates

You have successfully disabled peer-to-peer TLS encryption with for your sharded cluster.

Client-to-server

juju remove-relation self-signed-certificates config-server:client-certificates
juju remove-relation self-signed-certificates shard0:client-certificates
juju remove-relation self-signed-certificates shard1:client-certificates

You have successfully disabled client-to-server TLS encryption with for your sharded cluster.