Add a config setting to fetch certs from system CA

XMLWordPrintableJSON

    • Type: New Feature
    • Resolution: Gone away
    • Priority: Major - P3
    • 2.3.0
    • Affects Version/s: None
    • Component/s: None
    • Environment:
      OS: RHEL8
      node.js / npm versions:
      Additional info:
    • Not Needed
    • Developer Tools

      Problem Statement/Rationale

      When upgrading from mongo to mongosh users are required to pass an additional parameter of `–tlsUseSystemCA` to fetch the certs from the system CA store. This introduces some confusion and behavior change when users migrate from mongo->mongosh.

      e.g: `mongosh --host $(hostname -f) --port 26018 --tls --tlsUseSystemCA`

      Please be sure to attach relevant logs with any sensitive data redacted.
      How to retrieve logs for: Compass; Shell

      Steps to Reproduce

      See above original message

      Expected Results

      mongosh to make the connection without throwing `MongoServerSelectionError: self-signed certificate in certificate chain`

      Potential Solution

      We have discussed a potential solution where we add a config setting to enable `tlsUseSystemCA` so users don't have to pass the parameter each time they make a connection with mongosh. 

              Assignee:
              Unassigned
              Reporter:
              Gaurab Aryal
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: