  1. Core Server
  2. SERVER-15494

Certification expiration warning improvements

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: 2.7.6
    • Fix Version/s: Backlog
    • Component/s: Security
    • Labels:

      Description

      As of 2.7 we issue a warning for a long-running mongod that the certificate it is using is about to expire.

      When starting mongod with a certificate that is about to expire, we issue no such warning until 24 hours after launching mongod.
      The warning should be printed into the startupLog at startup, which also makes it visible in MMS.

      Furthermore, once the certificate expires (on a running mongod), mongod will happily continue to run (issuing a warning message that the certificate is expired into the logs) - and leave it up to the clients to decide on trusting the certificate or not.
      If mongod is restarted for any reason, it will not start up again. It will abort due to the expired certificate.
      This seems like very inconsistent and unexpected behaviour. There should be a way to --i-know-its-expired-but-I-must-startup-mongod
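
An operator-side check for the gap described above, as an added example that is not part of the original report or of MongoDB's code: it uses `openssl x509 -checkend` to tell whether the certificate in a PEM file is already expired (the case where, per the report, a restart aborts) or inside a warning window. The function name, the 30-day default window and the `AT_DAYS` argument (evaluate the certificate as of a planned restart date) are assumptions.

```shell
#!/bin/sh
# Added example, not MongoDB code.
# cert_status PEM_FILE [WARN_DAYS] [AT_DAYS]
# Classifies the first certificate in PEM_FILE as it will stand AT_DAYS from
# now (default 0 = right now), e.g. on the day of a planned restart.
# Prints one word and returns: ok=0, expiring=1, expired=2, unreadable=3.
cert_status() {
    pem=$1
    warn_days=${2:-30}   # assumed warning window; not a mongod setting
    at_days=${3:-0}      # assumed planning horizon in days

    # A combined key+certificate PEM works too: openssl x509 reads the first
    # CERTIFICATE block and skips the private key.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo unreadable
        return 3
    fi

    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$pem" -noout \
            -checkend $(( ${at_days} * 86400 )) >/dev/null 2>&1; then
        echo expired     # a restart at that point would hit the abort case
        return 2
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend $(( (${at_days} + ${warn_days}) * 86400 )) >/dev/null 2>&1; then
        echo expiring    # still valid, but inside the warning window
        return 1
    fi
    echo ok
    return 0
}

# When called with arguments, act as a pre-start gate: the exit status is the
# status code above, so a wrapper script can refuse or flag the restart.
if [ "$#" -ge 1 ]; then
    cert_status "$@"
fi
```

Running it from a wrapper or scheduled job before any planned restart surfaces the expiry at the point where the report says mongod itself stays silent.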

              People

              Assignee:
              backlog-server-security Backlog - Security Team
              Reporter:
              bjori Hannes Magnusson