I am attempting to connect to an Amazon DocumentDB cluster via SSH port forwarding as described here. I can connect using this command ...
mongosh --host localhost:27017 --ssl --sslAllowInvalidHostnames --sslCAFile rds-combined-ca-bundle.pem --username REDACTED --password REDACTED
... but not this command ...
mongosh mongodb://REDACTED:REDACTED@localhost:27017/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem
It fails with the error message "unable to get local issuer certificate." At least one problem is that I have not been able to find any documentation on how to translate the --sslAllowInvalidHostnames option into the connection string format. I found this, but adding &sslVerifyCertificate=false doesn't change anything, so there might be something else I'm doing wrong here.
I figured it out (sort of). I never got the connection string working via mongosh, but when using it to connect in code, which was my ultimate goal, there are language-specific steps you have to take to install the CA cert. Then you can connect your app with a connection string like this.
mongodb://REDACTED:REDACTED@localhost:27017?tls=true&tlsInsecure=true
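An added example, not part of the original post: a small Python check that reports which TLS validations a MongoDB connection string turns off, plus a builder for a forwarded-port URI that keeps CA verification and relaxes only the hostname check (the URI counterpart of --sslAllowInvalidHostnames with --sslCAFile). The function names `audit_tls` and `tunnel_uri` are hypothetical; `tls`, `tlsCAFile`, `tlsAllowInvalidHostnames`, `tlsAllowInvalidCertificates` and `tlsInsecure` are standard MongoDB connection string options, and the exact checks `tlsInsecure` disables vary by driver.

```python
from urllib.parse import urlsplit, parse_qsl, quote, urlencode

# Standard MongoDB URI options that weaken TLS, and what each one turns off.
WEAKENING = {
    "tlsInsecure": "certificate and hostname validation",
    "tlsAllowInvalidCertificates": "certificate chain validation",
    "tlsAllowInvalidHostnames": "hostname validation",
}


def audit_tls(uri):
    """Return a list of findings for the TLS options in a MongoDB URI."""
    # Option names are case-insensitive in the connection string format.
    opts = {k.lower(): v.lower() for k, v in parse_qsl(urlsplit(uri).query)}
    findings = []
    # "ssl" is the older alias for "tls".
    if opts.get("tls", opts.get("ssl", "false")) != "true":
        findings.append("TLS not enabled")
    for name, effect in WEAKENING.items():
        if opts.get(name.lower(), "false") == "true":
            findings.append(f"{name}=true disables {effect}")
    if "tlscafile" not in opts:
        findings.append("no tlsCAFile: the CA must already be trusted by the driver")
    return findings


def tunnel_uri(user, password, ca_file, host="localhost", port=27017):
    """Build a URI for a forwarded port: CA pinned, only hostname check relaxed."""
    query = urlencode({
        "tls": "true",
        "tlsCAFile": ca_file,
        # The certificate names the cluster endpoint, not localhost.
        "tlsAllowInvalidHostnames": "true",
    })
    # Percent-encode credentials so ':', '/', '@' cannot break the URI.
    creds = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return f"mongodb://{creds}@{host}:{port}/?{query}"


if __name__ == "__main__":
    # Constructed inputs: the URI from the post and a CA-pinned alternative.
    posted = "mongodb://REDACTED:REDACTED@localhost:27017?tls=true&tlsInsecure=true"
    pinned = tunnel_uri("app", "p@ss:w/rd", "rds-combined-ca-bundle.pem")
    for uri in (posted, pinned):
        print(uri)
        for finding in audit_tls(uri):
            print("  -", finding)
```
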