Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14655

x.509 certificate authentication requires O,OU to differ between client and server

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major - P3
    • Resolution: Duplicate
    • 2.6.3
    • None
    • Security
    • Security
    • Security 2020-08-10

    Description

      For x.509 certificate authentication, MongoDB server will consider a certificate with identical subject name properties, a member of the cluster and not a client. For some organizations it may not be possible to obtain certificates meeting this requirement.

      Attachments

        Issue Links

          duplicates

          Task - A task that needs to be done. SERVER-74989 Create configuration file option for custom X.509 subject name matching

          • Major - P3 - Major loss of function.
          • Closed

          Task - A task that needs to be done. SERVER-74999 Create configuration file option for custom X.509 extension for cluster membership

          • Major - P3 - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-54136 Make the authenticate command respect enforceUserClusterSeparation

          • Major - P3 - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-45938 Allow matching O/OU/DC in client x509 cert if clusterMode:keyFile

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              backlog-server-security Backlog - Security Team
              mark.helmstetter@mongodb.com Mark Helmstetter
              Votes:
              6 Vote for this issue
              Watchers:
              31 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: