I am trying to connect to MongoDB Atlas cluster using Datagrip as a DB client and authenticating by an Atlas managed x.509 certificate which I got when setting up a user in MongoDB Atlas database. I've IP whitelisting and I can connect to the DB using the same certificate but using other clients (for example Mongo Shell, Mongo Compass). Here are the screenshots, as you can see I am using x.509 auth method, with correct connection string and SSL enabled, also I'm providing certificate (.pem) file provided by MongoDB Atlas as a client certificate file.
When I try to connect to the DB using a certificate I'm getting a "Certificate verification failed" error and the connection is being dropped.
How to connect to MongoDB using Atlas managed x.509 certificate using Datagrip client?
I've figured out that the certificate file that is being downloaded when creating new certificate-authenticated user in MongoDB Atlas contains a certificate and a private key, separated by x.509 format separators. It will be similar to this in the same ".pem" file
-----BEGIN CERTIFICATE-----
MIIC2DCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwlsb2Nh
bGhvc3QwHhcNMTkwNTE3MDgzNzUyWhcNMjkwNTE0MDgzNzUyWjAUMRIwEAYDVQQD
Ewlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPtCqS1fZTRO
...
ntKxAEc+f8B48oizszkKcQxdcnGRCqxJbGHYQO8kCGyNwl8wIDAQABo1AwTjAdBg
NVHQ4EFgQUcdVmG/S+RDF/RNqXz5a5mBcga+AwHwYDVR0jBBgwFoAUcdVmG/S+RD
F/RNqXz5a5mBcga+AwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAdpS
kfbfpnVxsK4wYcHktz5SBzYrPp3nTDjzMxWBQdpyFJnKixwVZav1U+2MDk8M6LBq
...
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDcOe7B3CZ8bshp
...
2CrmfGJeakYh5EMTNsFJtuwhJfiLtX2S50g9IGSKBh2MShlFAyxiW8p8GzYPFqco
...
-----END PRIVATE KEY-----
When using Mongo Shell or Mongo Compass, providing a single .pem file is enough for successful connection, but Datagrip requires additional configuration. After splitting given .pem file into .crt (certificate) and .key (private key) files. By specifying .crt file in "Client certificate file" field and .key file in "Client key file" field you will be able to successfully establish the connection.
[Edit]
As mentioned in the comments, the same file also can be used in both fields without editing it, and the connection will be established successfully.