Add the ability to restrict power of Certificate Authorities

XMLWordPrintableJSON

    • Server Security
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Certificate Authorities(CAs) loaded into MongoDB processes are used to validate certificates presented by clients. Client certificates can be used to prove clients were granted a certificate before they connected, perform client authentication, or perform intra-cluster authentication, or perform authorization.

      It would be useful to be able to restrict how certificates issued by a particular CA, or CAs it has delegated signing authority to, may be used. This could be done by adding a configuration option to MongoDB which would accept a mapping from CA Serial Numbers to the list of actions that the CA may be used for.

              Assignee:
              [DO NOT USE] Backlog - Security Team
              Reporter:
              Spencer Jackson
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: