Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12212

Ops Manager's Client Certificate Mode option sets weakCertificateValidation instead of allowConnectionsWithoutCertificates in the mongod config

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Ops Manager
    • Labels:
      None

      Description

      Description

      In the following page of the Ops Manager documentation: https://docs.opsmanager.mongodb.com/current/tutorial/enable-ssl-for-a-deployment/#specify-the-ssl-settings
      we explain the differences between Client Certificate Mode OPTIONAL and REQUIRED, both of which directly relate to the corresponding MongoDB parameter net.ssl.allowConnectionsWithoutCertificates. However, for backwards compatibility purposes, Ops Manager still uses the deprecated but equivalent parameter net.ssl.weakCertificateValidation to reflect this setting.

      Can we please amend this first sentence to make mention of the MongoDB configuration parameter that will actually get used when this mode is changed? Example:

      Specify whether client TLS/SSL certificates are optional or required for every MongoDB deployment in the project. 
       
      Note: For backward compatibility purposes, Ops Manager will continue using the [net.ssl.weakCertificateValidation|https://docs.mongodb.com/manual/release-notes/3.0-compatibility/#tls-ssl-configuration-option-changes] parameter to implement this in the MongoDB configuration file. 
      

      This will prevent confusion for users who wonder what keeps adding this old parameter when their deployments are managed by Ops Manager.

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

        Attachments

          Activity

            People

            Assignee:
            tony.sansone Anthony Sansone
            Reporter:
            mariano.escribano Mariano Escribano
            Participants:
            Last commenter:
            Anthony Sansone Anthony Sansone
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since reply:
              3 years, 2 weeks, 5 days ago
              Date of 1st Reply: