Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-15494

Certification expiration warning improvements

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.7.6
    • Component/s: Security
    • Labels:
    • Server Security

      As of 2.7 we issue warning for long running mongod that the certificate it is using is about to expire.

      When starting mongod with a certificate about to be expire we issue no such warning until 24hours after launching mongod.
      The warning should be printed into the startupLog at startup, which also makes it visible in MMS.

      Furthermore, once the certificate expires (on a running mongod) mongod will happily continue to run (issuing a warning message that the certificate is expired into the logs) - and leaves it up to the clients to decide on trusting the certificate or not.
      If mongod is restarted for any reason - it will not startup again. It will abort due to expired certificate.
      This seems very inconsistent and unexpected behaviour. There should be a way to --i-know-its-expired-but-I-must-startup-mongod

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            bjori Hannes Magnusson
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: