Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-5317

Explain need for --host option when using SSL

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • Server_Docs_20231030
    • Affects Version/s: mongodb-3.0
    • Component/s: manual
    • Labels:
      None

      http://docs.mongodb.org/manual/reference/program/mongo/

      3.0 has new option sslAllowInvalidHostnames, which is documented. What doesn't appear to be documented in 3.0's new handling of hostname validation when --sslAllowInvalidHostnames is not used:

      • mongod will check that the hostname of the host to which the connection was made matches the hostname in the certificate
      • if --host is not specified on the command line, the mongo shell will succeed in connecting to the default of 127.0.0.1/localhost, but that will likely not match the hostname in the certificate, causing the authentication to fail with error "The server certificate does not match the host name"

            Assignee:
            allison.moore@mongodb.com Allison Reinheimer Moore
            Reporter:
            eric.sommer@mongodb.com Eric Sommer
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:
              8 years, 1 day ago