Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-11689

Require SSL certificate be verifiable with x.509 authentication

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 3.7.9, 3.2.21, 3.6.6, 3.4.16
    • Server
    • None

    Description

      Description:

      This change tightens the enforcement of MONGODB-X509 authentication by requiring the SSL certificate be verifiable regardless of the state of the --sslAllowInvalidCertificates setting. This has a not-insignificant chance of breaking existing users who are "doing X509 wrong".

      Please consult the linked SECURITY ticket and parties involved when writing any documentation related to this change.

      Scope of changes:

      • Settings/options (for all the binaries)
        • sslAllowInvalidCertificates (reference/configuration-options)
      • Parameters page has authenticationMechanisms and clusterAuthMode params – but for now, I think the blurb should be associated with the allow invalid certificates rather than stating in these params because that would be more or less stating that people should use valid certificates
      • x509 tutorials. For now, will only update x509 specific tutorials and skip the general ssl tutorials.

      Impact to other docs outside of this product:

      BI Connector: https://docs.mongodb.com/bi-connector/current/reference/mongodrdl/index.html

      MVP:

      Resources:

      Attachments

        Issue Links

          Activity

            People

              kay.kim@mongodb.com Kay Kim (Inactive)
              kay.kim@mongodb.com Kay Kim (Inactive)
              Ravind Kumar Ravind Kumar (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                3 years, 43 weeks ago