diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0100_install_operator.sh b/docs/search/04-search-external-mongod/code_snippets/04_0100_install_operator.sh
index 8ada5bee6..432139353 100644
--- a/docs/search/04-search-external-mongod/code_snippets/04_0100_install_operator.sh
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0100_install_operator.sh
@@ -2,5 +2,5 @@ helm upgrade --install --debug --kube-context "${K8S_CTX}" \
   --create-namespace \
   --namespace="${MDB_NS}" \
   mongodb-kubernetes \
-  --set "${OPERATOR_ADDITIONAL_HELM_VALUES:-"dummy=value"}" \
+  ${OPERATOR_ADDITIONAL_HELM_VALUES:+--set ${OPERATOR_ADDITIONAL_HELM_VALUES}} \
   "${OPERATOR_HELM_CHART}"
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0110_wait_for_operator_deployment.sh b/docs/search/04-search-external-mongod/code_snippets/04_0110_wait_for_operator_deployment.sh
new file mode 100644
index 000000000..1a3a0d82a
--- /dev/null
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0110_wait_for_operator_deployment.sh
@@ -0,0 +1,8 @@
+echo "Waiting for operator deployment to be ready..."
+kubectl --context "${K8S_CTX}" -n "${MDB_NS}" rollout status --timeout=2m deployment/mongodb-kubernetes-operator
+
+echo "Operator deployment in ${MDB_NS} namespace"
+kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get deployments
+
+echo; echo "Operator pod in ${MDB_NS} namespace"
+kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods -l app=mongodb-kubernetes-operator
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0304_install_cert_manager.sh b/docs/search/04-search-external-mongod/code_snippets/04_0304_install_cert_manager.sh
new file mode 100644
index 000000000..0e92edf54
--- /dev/null
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0304_install_cert_manager.sh
@@ -0,0 +1,15 @@
+helm upgrade --install \
+  cert-manager \
+  oci://quay.io/jetstack/charts/cert-manager \
+  --kube-context "${K8S_CTX}" \
+  --namespace "${CERT_MANAGER_NAMESPACE}" \
+  --create-namespace \
+  --set crds.enabled=true
+
+for deployment in cert-manager cert-manager-cainjector cert-manager-webhook; do
+  kubectl --context "${K8S_CTX}" \
+    -n "${CERT_MANAGER_NAMESPACE}" \
+    wait --for=condition=Available "deployment/${deployment}" --timeout=300s
+done
+
+echo "cert-manager is ready in namespace ${CERT_MANAGER_NAMESPACE}."
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0305_create_mongodb_community_user_secrets.sh b/docs/search/04-search-external-mongod/code_snippets/04_0305_create_mongodb_community_user_secrets.sh
index f04439134..80b655277 100644
--- a/docs/search/04-search-external-mongod/code_snippets/04_0305_create_mongodb_community_user_secrets.sh
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0305_create_mongodb_community_user_secrets.sh
@@ -1,11 +1,16 @@
-kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
-  create secret generic mdb-admin-user-password \
-  --from-literal=password="${MDB_ADMIN_USER_PASSWORD}"
+# Create admin user secret
+kubectl create secret generic mdb-admin-user-password \
+  --from-literal=password="${MDB_ADMIN_USER_PASSWORD}" \
+  --dry-run=client -o yaml | kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -
 
-kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
-  create secret generic mdbc-rs-search-sync-source-password \
-  --from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}"
+# Create search sync source user secret
+kubectl create secret generic "${MDB_RESOURCE_NAME}-search-sync-source-password" \
+  --from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}" \
+  --dry-run=client -o yaml | kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -
 
-kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
-  create secret generic mdb-user-password \
-  --from-literal=password="${MDB_USER_PASSWORD}"
+# Create regular user secret
+kubectl create secret generic mdb-user-password \
+  --from-literal=password="${MDB_USER_PASSWORD}" \
+  --dry-run=client -o yaml | kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -
+
+echo "User secrets created."
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0306_prepare_cert_manager_issuer.sh b/docs/search/04-search-external-mongod/code_snippets/04_0306_prepare_cert_manager_issuer.sh
new file mode 100644
index 000000000..37a20b3e1
--- /dev/null
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0306_prepare_cert_manager_issuer.sh
@@ -0,0 +1,59 @@
+# 1. Self-signed bootstrap issuer
+kubectl apply --context "${K8S_CTX}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: ${MDB_TLS_SELF_SIGNED_ISSUER}
+spec:
+  selfSigned: {}
+EOF
+kubectl --context "${K8S_CTX}" wait --for=condition=Ready clusterissuer "${MDB_TLS_SELF_SIGNED_ISSUER}" --timeout=120s
+
+# 2. CA certificate
+kubectl apply --context "${K8S_CTX}" -n "${CERT_MANAGER_NAMESPACE}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ${MDB_TLS_CA_CERT_NAME}
+  namespace: ${CERT_MANAGER_NAMESPACE}
+spec:
+  isCA: true
+  commonName: ${MDB_TLS_CA_CERT_NAME}
+  secretName: ${MDB_TLS_CA_SECRET_NAME}
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: ${MDB_TLS_SELF_SIGNED_ISSUER}
+    kind: ClusterIssuer
+EOF
+kubectl --context "${K8S_CTX}" wait --for=condition=Ready -n "${CERT_MANAGER_NAMESPACE}" certificate "${MDB_TLS_CA_CERT_NAME}" --timeout=300s
+
+# 3. CA issuer referencing CA secret
+kubectl apply --context "${K8S_CTX}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: ${MDB_TLS_CA_ISSUER}
+spec:
+  ca:
+    secretName: ${MDB_TLS_CA_SECRET_NAME}
+EOF
+kubectl --context "${K8S_CTX}" wait --for=condition=Ready clusterissuer "${MDB_TLS_CA_ISSUER}" --timeout=120s
+
+# 4. Extract CA cert (only ca.crt) and publish to ConfigMap & Secret
+TMP_CA_CERT="$(mktemp)"; trap 'rm -f "${TMP_CA_CERT}"' EXIT
+ca_b64="$(kubectl --context "${K8S_CTX}" get secret "${MDB_TLS_CA_SECRET_NAME}" -n "${CERT_MANAGER_NAMESPACE}" -o jsonpath="{.data['ca\\.crt']}")"
+[[ -n "${ca_b64}" ]] || { echo "CA certificate key ca.crt missing in secret ${MDB_TLS_CA_SECRET_NAME}" >&2; exit 1; }
+printf '%s' "${ca_b64}" | base64 --decode > "${TMP_CA_CERT}"
+
+# Create ConfigMap (MongoDBCommunity) and Secret (external search source) containing CA
+kubectl --context "${K8S_CTX}" create configmap "${MDB_TLS_CA_CONFIGMAP}" -n "${MDB_NS}" \
+  --from-file=ca-pem="${TMP_CA_CERT}" --from-file=mms-ca.crt="${TMP_CA_CERT}" --from-file=ca.crt="${TMP_CA_CERT}" \
+  --dry-run=client -o yaml | kubectl --context "${K8S_CTX}" apply -f -
+
+kubectl --context "${K8S_CTX}" create secret generic "${MDB_TLS_CA_SECRET_NAME}" -n "${MDB_NS}" \
+  --from-file=ca.crt="${TMP_CA_CERT}" \
+  --dry-run=client -o yaml | kubectl --context "${K8S_CTX}" apply -f -
+
+echo "CA issuer and artifacts prepared (ConfigMap: ${MDB_TLS_CA_CONFIGMAP}, Secret: ${MDB_TLS_CA_SECRET_NAME})."
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0307_issue_tls_certificates.sh b/docs/search/04-search-external-mongod/code_snippets/04_0307_issue_tls_certificates.sh
new file mode 100644
index 000000000..32de13830
--- /dev/null
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0307_issue_tls_certificates.sh
@@ -0,0 +1,70 @@
+# Issue server and search certificates
+server_certificate="${MDB_RESOURCE_NAME}-server-tls"
+search_certificate="${MDB_RESOURCE_NAME}-search-tls"
+
+# DNS names for MongoDB server certificate
+mongo_dns_names=()
+[[ -n "${MDB_EXTERNAL_HOST_0:-}" ]] && mongo_dns_names+=("${MDB_EXTERNAL_HOST_0%%:*}")
+[[ -n "${MDB_EXTERNAL_HOST_1:-}" ]] && mongo_dns_names+=("${MDB_EXTERNAL_HOST_1%%:*}")
+[[ -n "${MDB_EXTERNAL_HOST_2:-}" ]] && mongo_dns_names+=("${MDB_EXTERNAL_HOST_2%%:*}")
+mongo_dns_names+=("${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local" "*.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local")
+[[ ${#mongo_dns_names[@]} -gt 0 ]] || { echo "No MongoDB DNS names generated; set MDB_EXTERNAL_HOST_* vars" >&2; exit 1; }
+
+# DNS names for MongoDB Search certificate
+search_dns_names=(
+  "${MDB_SEARCH_SERVICE_NAME}"
+  "${MDB_SEARCH_SERVICE_NAME}.${MDB_NS}.svc.cluster.local"
+  "${MDB_SEARCH_SERVICE_NAME}-search-svc.${MDB_NS}.svc.cluster.local"
+  "*.${MDB_SEARCH_SERVICE_NAME}-search-svc.${MDB_NS}.svc.cluster.local"
+)
+[[ -n "${MDB_SEARCH_HOSTNAME}" ]] && search_dns_names+=("${MDB_SEARCH_HOSTNAME}")
+
+mongo_dns_block="$(printf '      - "%s"\n' "${mongo_dns_names[@]}")"
+search_dns_block="$(printf '      - "%s"\n' "${search_dns_names[@]}")"
+
+kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ${server_certificate}
+  namespace: ${MDB_NS}
+spec:
+  secretName: ${MDB_TLS_SERVER_CERT_SECRET_NAME}
+  issuerRef:
+    name: ${MDB_TLS_CA_ISSUER}
+    kind: ClusterIssuer
+  duration: 240h0m0s
+  renewBefore: 120h0m0s
+  usages:
+    - digital signature
+    - key encipherment
+    - server auth
+    - client auth
+  dnsNames:
+${mongo_dns_block}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ${search_certificate}
+  namespace: ${MDB_NS}
+spec:
+  secretName: ${MDB_SEARCH_TLS_SECRET_NAME}
+  issuerRef:
+    name: ${MDB_TLS_CA_ISSUER}
+    kind: ClusterIssuer
+  duration: 240h0m0s
+  renewBefore: 120h0m0s
+  usages:
+    - digital signature
+    - key encipherment
+    - server auth
+    - client auth
+  dnsNames:
+${search_dns_block}
+EOF
+
+kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=condition=Ready certificate "${server_certificate}" --timeout=300s
+kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=condition=Ready certificate "${search_certificate}" --timeout=300s
+
+echo "Server and Search TLS certificates issued (Secrets: ${MDB_TLS_SERVER_CERT_SECRET_NAME}, ${MDB_SEARCH_TLS_SECRET_NAME})."
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0310_create_mongodb_community_resource.sh b/docs/search/04-search-external-mongod/code_snippets/04_0310_create_mongodb_community_resource.sh
index 6c828b424..0b4c22650 100644
--- a/docs/search/04-search-external-mongod/code_snippets/04_0310_create_mongodb_community_resource.sh
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0310_create_mongodb_community_resource.sh
@@ -2,12 +2,18 @@ kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
 apiVersion: mongodbcommunity.mongodb.com/v1
 kind: MongoDBCommunity
 metadata:
-  name: mdbc-rs
+  name: ${MDB_RESOURCE_NAME}
 spec:
   version: ${MDB_VERSION}
   type: ReplicaSet
   members: 3
   security:
+    tls:
+      enabled: true
+      certificateKeySecretRef:
+        name: ${MDB_TLS_SERVER_CERT_SECRET_NAME}
+      caConfigMapRef:
+        name: ${MDB_TLS_CA_CONFIGMAP}
     authentication:
       ignoreUnknownUsers: true
       modes:
@@ -17,7 +23,7 @@ spec:
       mongotHost: ${MDB_SEARCH_HOSTNAME}:27028
       searchIndexManagementHostAndPort: ${MDB_SEARCH_HOSTNAME}:27028
       skipAuthenticationToSearchIndexManagementServer: false
-      searchTLSMode: disabled
+      searchTLSMode: requireTLS
       useGrpcForSearch: true
   agent:
     logLevel: DEBUG
@@ -71,8 +77,8 @@ spec:
       db: admin
       # a reference to the secret that will be used to generate the user's password
       passwordSecretRef:
-        name: mdbc-rs-search-sync-source-password
-      scramCredentialsSecretName: mdbc-rs-search-sync-source
+        name: ${MDB_RESOURCE_NAME}-search-sync-source-password
+      scramCredentialsSecretName: ${MDB_RESOURCE_NAME}-search-sync-source
       roles:
         - name: searchCoordinator
           db: admin
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0315_wait_for_community_resource.sh b/docs/search/04-search-external-mongod/code_snippets/04_0315_wait_for_community_resource.sh
index 669bf434f..70ae6a105 100644
--- a/docs/search/04-search-external-mongod/code_snippets/04_0315_wait_for_community_resource.sh
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0315_wait_for_community_resource.sh
@@ -1,7 +1,9 @@
 echo "Waiting for MongoDBCommunity resource to reach Running phase..."
-kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
-  --for=jsonpath='{.status.phase}'=Running mdbc/mdbc-rs --timeout=400s
+
+kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running mdbc/"${MDB_RESOURCE_NAME}" --timeout=400s
+
 echo; echo "MongoDBCommunity resource"
-kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
+kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/"${MDB_RESOURCE_NAME}"
+
 echo; echo "Pods running in cluster ${K8S_CTX}"
 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0320_create_mongodb_search_resource.sh b/docs/search/04-search-external-mongod/code_snippets/04_0320_create_mongodb_search_resource.sh
index 260357e50..d3134bac9 100644
--- a/docs/search/04-search-external-mongod/code_snippets/04_0320_create_mongodb_search_resource.sh
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0320_create_mongodb_search_resource.sh
@@ -2,7 +2,7 @@ kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
 apiVersion: mongodb.com/v1
 kind: MongoDBSearch
 metadata:
-  name: mdbs
+  name: ${MDB_SEARCH_RESOURCE_NAME:-mdbs}
 spec:
   source:
     external:
@@ -10,10 +10,17 @@ spec:
         - ${MDB_EXTERNAL_HOST_0}
         - ${MDB_EXTERNAL_HOST_1}
         - ${MDB_EXTERNAL_HOST_2}
+      tls:
+        ca:
+          name: ${MDB_TLS_CA_SECRET_NAME}
     username: search-sync-source
     passwordSecretRef:
       name: ${MDB_RESOURCE_NAME}-search-sync-source-password
       key: password
+  security:
+    tls:
+      certificateKeySecretRef:
+        name: ${MDB_SEARCH_TLS_SECRET_NAME}
   resourceRequirements:
     limits:
       cpu: "3"
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0322_create_search_loadbalancer_service.sh b/docs/search/04-search-external-mongod/code_snippets/04_0322_create_search_loadbalancer_service.sh
index dfdeb5ec9..4d1523ab3 100644
--- a/docs/search/04-search-external-mongod/code_snippets/04_0322_create_search_loadbalancer_service.sh
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0322_create_search_loadbalancer_service.sh
@@ -6,7 +6,7 @@ metadata:
 spec:
   type: LoadBalancer
   selector:
-    app: mdbs-search-svc
+    app: ${MDB_SEARCH_RESOURCE_NAME:-mdbs}-search-svc
   ports:
     - name: mongot
       port: 27028
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0325_wait_for_search_resource.sh b/docs/search/04-search-external-mongod/code_snippets/04_0325_wait_for_search_resource.sh
index 58cf9823a..9ace1e851 100644
--- a/docs/search/04-search-external-mongod/code_snippets/04_0325_wait_for_search_resource.sh
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0325_wait_for_search_resource.sh
@@ -1,3 +1,3 @@
 echo "Waiting for MongoDBSearch resource to reach Running phase..."
-kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
-  --for=jsonpath='{.status.phase}'=Running mdbs/mdbs --timeout=300s
+
+kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running mdbs/"${MDB_SEARCH_RESOURCE_NAME:-mdbs}" --timeout=300s
diff --git a/docs/search/04-search-external-mongod/code_snippets/04_0330_wait_for_community_resource.sh b/docs/search/04-search-external-mongod/code_snippets/04_0330_wait_for_community_resource.sh
index 939ef3fa1..94f567a17 100644
--- a/docs/search/04-search-external-mongod/code_snippets/04_0330_wait_for_community_resource.sh
+++ b/docs/search/04-search-external-mongod/code_snippets/04_0330_wait_for_community_resource.sh
@@ -1,3 +1,5 @@
 echo "Waiting for MongoDBCommunity resource to reach Running phase..."
 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
-  --for=jsonpath='{.status.phase}'=Running mdbc/mdbc-rs --timeout=400s
+  --for=jsonpath='{.status.phase}'=Running mdbc/"${MDB_RESOURCE_NAME}" --timeout=400s
+
+kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running mdbc/"${MDB_RESOURCE_NAME}" --timeout=400s
diff --git a/docs/search/04-search-external-mongod/env_variables.sh b/docs/search/04-search-external-mongod/env_variables.sh
index 8320504c6..ab562719c 100644
--- a/docs/search/04-search-external-mongod/env_variables.sh
+++ b/docs/search/04-search-external-mongod/env_variables.sh
@@ -8,6 +8,9 @@ export MDB_ADMIN_USER_PASSWORD="admin-user-password-CHANGE-ME"
 export MDB_USER_PASSWORD="mdb-user-password-CHANGE-ME"
 export MDB_SEARCH_SYNC_USER_PASSWORD="search-sync-user-password-CHANGE-ME"
 
+export MDB_TLS_CA_SECRET_NAME="ca"
+export MDB_SEARCH_TLS_SECRET_NAME="mdbs-search-tls"
+
 export MDB_SEARCH_SERVICE_NAME="mdbs-search"
 export MDB_SEARCH_HOSTNAME="mdbs-search.example.com"
 
@@ -23,4 +26,4 @@ export MDB_EXTERNAL_REPLICA_SET_NAME="mdbc-rs"
 export OPERATOR_HELM_CHART="mongodb/mongodb-kubernetes"
 export OPERATOR_ADDITIONAL_HELM_VALUES=""
 
-export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_EXTERNAL_HOST_0}/?replicaSet=${MDB_EXTERNAL_REPLICA_SET_NAME}"
+export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_EXTERNAL_HOST_0}/?replicaSet=${MDB_EXTERNAL_REPLICA_SET_NAME}&tls=true&tlsCAFile=/tls/ca.crt"
diff --git a/docs/search/04-search-external-mongod/env_variables_tls.sh b/docs/search/04-search-external-mongod/env_variables_tls.sh
new file mode 100644
index 000000000..ee04d97f1
--- /dev/null
+++ b/docs/search/04-search-external-mongod/env_variables_tls.sh
@@ -0,0 +1,11 @@
+export MDB_RESOURCE_NAME="mdbc-rs"
+export MDB_TLS_CA_SECRET_NAME="${MDB_RESOURCE_NAME}-ca"
+
+export MDB_TLS_CA_CONFIGMAP="${MDB_RESOURCE_NAME}-ca-configmap"
+export MDB_TLS_SERVER_CERT_SECRET_NAME="${MDB_RESOURCE_NAME}-tls"
+
+export MDB_TLS_SELF_SIGNED_ISSUER="${MDB_RESOURCE_NAME}-selfsigned-cluster-issuer"
+export MDB_TLS_CA_CERT_NAME="${MDB_RESOURCE_NAME}-selfsigned-ca"
+export MDB_TLS_CA_ISSUER="${MDB_RESOURCE_NAME}-cluster-issuer"
+
+export CERT_MANAGER_NAMESPACE="cert-manager"
diff --git a/docs/search/04-search-external-mongod/test.sh b/docs/search/04-search-external-mongod/test.sh
index e4364d65d..77b3c75db 100755
--- a/docs/search/04-search-external-mongod/test.sh
+++ b/docs/search/04-search-external-mongod/test.sh
@@ -16,7 +16,10 @@ run 04_0046_create_image_pull_secrets.sh
 run 04_0048_configure_prerelease_image_pullsecret.sh
 run_for_output 04_0090_helm_add_mogodb_repo.sh
 run_for_output 04_0100_install_operator.sh
+run 04_0304_install_cert_manager.sh
 run 04_0305_create_mongodb_community_user_secrets.sh
+run 04_0306_prepare_cert_manager_issuer.sh
+run 04_0307_issue_tls_certificates.sh
 run 04_0310_create_mongodb_community_resource.sh
 run_for_output 04_0315_wait_for_community_resource.sh
 run 04_0320_create_mongodb_search_resource.sh
diff --git a/scripts/code_snippets/tests/test_kind_search_external_mongod_snippets.sh b/scripts/code_snippets/tests/test_kind_search_external_mongod_snippets.sh
index 54f8fc3ac..e9082c1f8 100755
--- a/scripts/code_snippets/tests/test_kind_search_external_mongod_snippets.sh
+++ b/scripts/code_snippets/tests/test_kind_search_external_mongod_snippets.sh
@@ -20,12 +20,14 @@ trap dump_logs EXIT
 
 test_dir="./docs/search/04-search-external-mongod"
 source "${test_dir}/env_variables.sh"
+source "${test_dir}/env_variables_tls.sh"
+
 echo "Sourcing env variables for ${CODE_SNIPPETS_FLAVOR} flavor"
 # shellcheck disable=SC1090
 test -f "${test_dir}/env_variables_${CODE_SNIPPETS_FLAVOR}.sh" && source "${test_dir}/env_variables_${CODE_SNIPPETS_FLAVOR}.sh"
 
 export MDB_RESOURCE_NAME="mdbc-rs"
-export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_RESOURCE_NAME}-0.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local:27017/?replicaSet=${MDB_RESOURCE_NAME}"
+export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_RESOURCE_NAME}-0.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local:27017/?replicaSet=${MDB_RESOURCE_NAME}&tls=true&tlsCAFile=/tls/ca.crt"
 
 ${test_dir}/test.sh