You are right The options such as tlsUseSystemCA and tlsCertificateSelector are not available for usage in connection string. Due to this issue you have to convert pfx or cer files in pem and then refer to them in connection string. This completely defeats the purpose of windows certificate store as far as compass and connection strings are concerned; furthermore, some organizations have problem with using multiple types of certificates (due to security reasons). Not to mention this issue is not even found written in Mongodb documentations. For example if I have a shell command like this "mongosh "mongodb://Server01:27017,Server02:27017,Server03:27017/?tls=true&tlsAllowInvalidHostnames=true" --tlsCertificateSelector "subject=testingcertificate" --tlsUseSystemCA" The connection string does not give me option to use "tlsCertificateSelector" and "tlsUseSystemCA" so I cannot possible utilize certificate store.