Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-27299

Add the ability to restrict power of Certificate Authorities

    XMLWordPrintable

    Details

      Description

      Certificate Authorities(CAs) loaded into MongoDB processes are used to validate certificates presented by clients. Client certificates can be used to prove clients were granted a certificate before they connected, perform client authentication, or perform intra-cluster authentication, or perform authorization.

      It would be useful to be able to restrict how certificates issued by a particular CA, or CAs it has delegated signing authority to, may be used. This could be done by adding a configuration option to MongoDB which would accept a mapping from CA Serial Numbers to the list of actions that the CA may be used for.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated: