Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-19174

net.ssl.mode allowSSLIssuerDN mode

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Networking
    • None
    • Fully Compatible
    • Security 6 07/17/15

    Description

      In cloud based environments with an internal CA a situation arises whereby a mongo cluster at release A is already enrolled with a CA also from release A but during release B the CA might have been rebuilt and thus the cluster can't be formed with strict net.ssl.mode settings. It depends how the clustering is implemented and the timing of each mongo node deployments but such a situation has arisen.

      Rather than lower the SSL authentication could we propose an additional net.ssl.mode for matching issuer DN values rather than failing due to changes in issuer certificate version numbers ?

      net.ssl.mode=allowSSLIssuerDN
      net.ssl.issuerDN='CN=issuer.internal'

      Attachments

        Activity

          People

            andreas.nilsson Andreas Nilsson
            pauldavidgilligan Paul Gilligan
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: