Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-15494

Certification expiration warning improvements

    XMLWordPrintable

Details

    • Improvement
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • 2.7.6
    • None
    • Security

    Description

      As of 2.7 we issue warning for long running mongod that the certificate it is using is about to expire.

      When starting mongod with a certificate about to be expire we issue no such warning until 24hours after launching mongod.
      The warning should be printed into the startupLog at startup, which also makes it visible in MMS.

      Furthermore, once the certificate expires (on a running mongod) mongod will happily continue to run (issuing a warning message that the certificate is expired into the logs) - and leaves it up to the clients to decide on trusting the certificate or not.
      If mongod is restarted for any reason - it will not startup again. It will abort due to expired certificate.
      This seems very inconsistent and unexpected behaviour. There should be a way to --i-know-its-expired-but-I-must-startup-mongod

      Attachments

        Issue Links

          Activity

            People

              backlog-server-security Backlog - Security Team
              bjori Hannes Magnusson
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: