openssl req -x509 -new -nodes -key ca.key -sha256 -days 1024 -out clientca.pem
In a standard HTTPS connection, the server presents a certificate to the client (your browser) to prove its identity. This is why you see a padlock icon in your address bar. clientca.pem download
If you are setting up a server (e.g., a MongoDB instance, a Kubernetes cluster, or a custom API) and you want to enforce client authentication, you do not download the file—you generate it. openssl req -x509 -new -nodes -key ca
If you have the file but still get errors, here are typical fixes: a MongoDB instance