-
Type: Task
-
Resolution: Won't Do
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: manual
-
Labels:
-
Environment:all
*Location*: https://docs.mongodb.com/manual/tutorial/configure-x509-member-authentication/
*User-Agent*: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
*Referrer*: https://www.google.nl/
*Screen Resolution*: 1920 x 1080
-
1
This page contains information that is not clear and contradictuous. It is specifically about the 'extendedKeyUsage' attribute:
If the certificate includes the Extended Key Usage (extendedKeyUsage) setting, the value must include clientAuth (“TLS Web Client Authentication”).
extendedKeyUsage = clientAuth
You can also use a certificate that does not include the Extended Key Usage (EKU).
In the next paragraph it states:
Omit extendedKeyUsage or
Specify extendedKeyUsage values that include clientAuth in addition to serverAuth.
The second statement is VALID (include clientAuth and serverAuth). The first statement is INVALID (include only clientAuth).