Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-15556

Verify CA validity

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Security
    • Server Security

    Description

      Even though providing a Certificate Authority is required, no attempts are made to enforce it is still valid.

      openssl genrsa -out CAPCA.key 2048
      openssl req -x509 -new -nodes -key CAPCA.key -out CAPCA.pem -subj "/C=US/ST=California/OU=CAPRoot/L=Palo Alto/CN=127.0.0.1" -days -1
      openssl req -new -newkey rsa:1024 -nodes -out Bongo.req -keyout Bongo.key -subj "/C=US/ST=California/OU=CAP/L=Palo Alto/CN=127.0.0.1" -days 2
      openssl x509 -CA CAPCA.pem -CAkey CAPCA.key -CAcreateserial -req -in Bongo.req -out Bongo.pem -days 2
      cat Bongo.key Bongo.pem > combined.pem
      mongod --sslMode requireSSL --sslPEMKeyFile combined.pem --sslCAFile CAPCA.pem --smallfiles --dbpath /tmp --port 2000

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            bjori Hannes Magnusson
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated: