Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12092

Improve KMIP CN/SAN Documentation

    XMLWordPrintableJSON

Details

    Description

      Description

      Quoting from a user: 

      I see, so the issue here was my understanding and documentation. Since my only interaction with MongoDB deployment is doing KMIP setup, I never ventured into the MongoDB client TLS documentation. After looking through the docs, this section from TLS:

      The mongo shell verifies that the hostname (specified in --host option or the connection string) matches the SAN (or, if SAN is not present, the CN) in the certificate presented by the mongod or mongos. If SAN is present, mongo does not match against the CN. If the hostname does not match the SAN (or CN), the mongoshell will fail to connect.

      Would be amazing to have in the KMIP section. Definitely spent a fair amount of time doing horrible workarounds to have matching CNs because I didn't realize there was SAN support (all errors had indicated CN in my case).

      Carry on.

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

      Attachments

        Activity

          People

            kay.kim@mongodb.com Kay Kim (Inactive)
            greg.mckeon@mongodb.com Gregory McKeon (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              5 years, 13 weeks, 1 day ago