-
Type:
Improvement
-
Status: Open
-
Priority:
Major - P3
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: Backlog
-
Component/s: Admin, Networking, Security
-
Labels:
Certificate Authorities(CAs) loaded into MongoDB processes are used to validate certificates presented by clients. Client certificates can be used to prove clients were granted a certificate before they connected, perform client authentication, or perform intra-cluster authentication, or perform authorization.
It would be useful to be able to restrict how certificates issued by a particular CA, or CAs it has delegated signing authority to, may be used. This could be done by adding a configuration option to MongoDB which would accept a mapping from CA Serial Numbers to the list of actions that the CA may be used for.