  1. Documentation
  2. DOCS-5504

X509: User certificates and server certificates should have different DC-OU-O combinations


Details

    • Task
    • Resolution: Done
    • Major - P3
    • 01112017-cleanup
    • None
    • Server
    • None

    Description

      We should explicitly warn users that when they create app certificates, they should use a different DC-OU-O combination than they used for server certificates.

      Since we are using the DC-OU-O part of the cert subject name to detect internal connections in the replica set, any user that has the same DC-OU-O combination in his certificate will be treated as the internal user (i.e. __system) and he will get wrong privileges.
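      A pre-issuance check for the collision described above, as an added example that is not part of the original issue and not MongoDB's own code. It takes subject strings in RFC 2253 style and flags any client subject whose DC, OU and O values match the server's. The function names, the sample subjects and the order-insensitive comparison are assumptions.

```python
import re
from collections import Counter

MEMBERSHIP_ATTRS = {"DC", "OU", "O"}  # the attributes named in the issue

def parse_dn(dn):
    """Split an RFC 2253-style subject string into (TYPE, value) pairs.

    Backslash-escaped separators (e.g. "\\,") stay inside the value.
    Hex escapes (\\XX) and quoted values are not decoded in this sketch.
    """
    pairs = []
    # Each RDN is a run of escaped characters or non-separator characters.
    for rdn in re.findall(r"(?:\\.|[^,+\\])+", dn):
        if not rdn.strip():
            continue
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        value = re.sub(r"\\(.)", r"\1", value.strip())  # drop escape backslashes
        pairs.append((attr.strip().upper(), value))
    return pairs

def membership_key(dn):
    """Multiset of DC/OU/O values; attribute order is ignored (assumption)."""
    return Counter(p for p in parse_dn(dn) if p[0] in MEMBERSHIP_ATTRS)

def colliding_clients(server_dn, client_dns):
    """Return the client subjects whose DC-OU-O combination equals the server's."""
    server_key = membership_key(server_dn)
    if not server_key:
        raise ValueError("server subject has no DC, OU or O attribute")
    return [dn for dn in client_dns if membership_key(dn) == server_key]

# Constructed sample subjects (not taken from the issue).
SERVER = "CN=node1.db.example.net,OU=Database,O=Example Corp\\, Inc.,DC=example,DC=net"
CLIENTS = [
    "CN=reporting-app,OU=Database,O=Example Corp\\, Inc.,DC=example,DC=net",      # same combination
    "CN=reporting-app,OU=Applications,O=Example Corp\\, Inc.,DC=example,DC=net",  # OU differs
    "CN=batch-job,O=Example Corp\\, Inc.,DC=example,DC=net",                      # no OU
]

if __name__ == "__main__":
    for dn in colliding_clients(SERVER, CLIENTS):
        print("WARNING: subject would be treated as an internal member:", dn)
```

Running a check like this against every certificate request before signing catches the overlap before the certificate ever reaches a deployment.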

          People

            kay.kim@mongodb.com Kay Kim (Inactive)
            alex.komyagin@mongodb.com Alexander Komyagin

            Dates

              Created:
              Updated:
              Resolved:
              8 years, 37 weeks, 6 days ago