Documentation / DOCS-4584

server option net.ssl.allowInvalidHostnames is not documented

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • v1.3.16
    • Affects Version/s: None
    • Component/s: manual
    • Labels:
      None

      When setting up a replicaset using SSL, people might rely on certificates signed by a trusted parent certificate. In this case they might not use hostnames at all.

      A Mongo server does not want to connect to another Mongo server if the SSL hostname doesn't match. Setting net.ssl.allowInvalidCertificates to true solves this, but also makes the whole setup completely insecure.

      The option net.ssl.allowInvalidHostnames works and is very useful and secure for such setups.

      I found it in the code (also as an option to the mongo shell), but not in the documentation: http://docs.mongodb.org/manual/reference/configuration-options/#net.ssl.allowInvalidCertificates

            Assignee:
            sam.kleinman Sam Kleinman (Inactive)
            Reporter:
            carlito Carl D'Halluin
            Votes:
            0
            Watchers:
            2

              Created:
              Updated:
              Resolved:
              9 years, 17 weeks, 3 days ago
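
The two settings contrasted in the description, shown as two alternative mongod.conf fragments (an added illustration, not part of the ticket or the MongoDB documentation). The file paths are placeholders; the option names are the ones named in the ticket plus the standard net.ssl.mode, net.ssl.PEMKeyFile and net.ssl.CAFile settings.

```yaml
# Alternative 1 (weak): the workaround the ticket warns against.
# Two separate YAML documents are shown; use one or the other, not both.
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /path/to/member.pem   # placeholder path
    CAFile: /path/to/ca.pem           # placeholder path
    # Certificates presented by other members are no longer validated,
    # so a member with any certificate at all is accepted.
    allowInvalidCertificates: true
---
# Alternative 2 (narrower): the option the ticket asks to have documented.
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /path/to/member.pem   # placeholder path
    CAFile: /path/to/ca.pem           # placeholder path
    # Chain validation against CAFile stays on.
    allowInvalidCertificates: false
    # Only the hostname comparison is skipped, so a certificate is accepted
    # for any member as long as it chains to the CA in CAFile.
    allowInvalidHostnames: true
```

With the second fragment, trust rests entirely on who can obtain a certificate from the CA in CAFile, so that CA should issue certificates only to members of this deployment.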