Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-2972

Highlight self-signed certificates are susceptible to MITM attacks

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Duplicate
    • Icon: Major - P3 Major - P3
    • 01112017-cleanup
    • None
    • None
    • None

    Description

      http://docs.mongodb.org/manual/tutorial/configure-ssl/ starts off with setting up MongoD and MongoS with SSL using a self-signed certificates without high-lighting the risks with self-signed certificates i.e. being susceptible to MITM attacks.

      A security aware person may know the differences and make appropriate choices to have a verified SSL setup, but most of our users depend on documentation to highlight any such risks. This came up recently in the linked CS ticket and I believe adding some warning there and to mention that using self-signed certificate is not something we suggest for normal deployment would be useful.

      In it's current form, it looks like we suggest using self-signed certificates (since we are providing steps to create one without any further warning).

      Attachments

        Activity

          People

            kay.kim@mongodb.com Kay Kim (Inactive)
            anil.kumar Anil Kumar
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              9 years, 47 weeks, 2 days ago