-
Type: Task
-
Resolution: Duplicate
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
http://docs.mongodb.org/manual/tutorial/configure-ssl/ starts off with setting up MongoD and MongoS with SSL using a self-signed certificates without high-lighting the risks with self-signed certificates i.e. being susceptible to MITM attacks.
A security aware person may know the differences and make appropriate choices to have a verified SSL setup, but most of our users depend on documentation to highlight any such risks. This came up recently in the linked CS ticket and I believe adding some warning there and to mention that using self-signed certificate is not something we suggest for normal deployment would be useful.
In it's current form, it looks like we suggest using self-signed certificates (since we are providing steps to create one without any further warning).
- duplicates
-
DOCS-2926 Update the SSL tutorial's information on certificates
- Closed