Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-5317

Explain need for --host option when using SSL

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • Server_Docs_20231030
    • mongodb-3.0
    • manual
    • None

    Description

      http://docs.mongodb.org/manual/reference/program/mongo/

      3.0 has new option sslAllowInvalidHostnames, which is documented. What doesn't appear to be documented in 3.0's new handling of hostname validation when --sslAllowInvalidHostnames is not used:

      • mongod will check that the hostname of the host to which the connection was made matches the hostname in the certificate
      • if --host is not specified on the command line, the mongo shell will succeed in connecting to the default of 127.0.0.1/localhost, but that will likely not match the hostname in the certificate, causing the authentication to fail with error "The server certificate does not match the host name"

      Attachments

        Activity

          People

            allison.moore@mongodb.com Allison Reinheimer Moore
            eric.sommer@mongodb.com Eric Sommer
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              7 years, 41 weeks, 2 days ago