Uploaded image for project: 'MongoDB Shell'
  1. MongoDB Shell
  2. MONGOSH-1692

Add a config setting to fetch certs from system CA

XMLWordPrintableJSON

    • Type: Icon: New Feature New Feature
    • Resolution: Gone away
    • Priority: Icon: Major - P3 Major - P3
    • 2.3.0
    • Affects Version/s: None
    • Component/s: None
    • Environment:
      OS: RHEL8
      node.js / npm versions:
      Additional info:
    • Developer Tools
    • Not Needed

      Problem Statement/Rationale

      When upgrading from mongo to mongosh users are required to pass an additional parameter of `–tlsUseSystemCA` to fetch the certs from the system CA store. This introduces some confusion and behavior change when users migrate from mongo->mongosh.

      e.g: `mongosh --host $(hostname -f) --port 26018 --tls --tlsUseSystemCA`

      Please be sure to attach relevant logs with any sensitive data redacted.
      How to retrieve logs for: Compass; Shell

      Steps to Reproduce

      See above original message

      Expected Results

      mongosh to make the connection without throwing `MongoServerSelectionError: self-signed certificate in certificate chain`

      Potential Solution

      We have discussed a potential solution where we add a config setting to enable `tlsUseSystemCA` so users don't have to pass the parameter each time they make a connection with mongosh. 

            Assignee:
            Unassigned Unassigned
            Reporter:
            gaurab.aryal@mongodb.com Gaurab Aryal
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: