Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-39571

mongod cannot verify certificates from the CNG provider

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 4.0.7, 4.1.9
    • Security
    • None
    • Fully Compatible
    • ALL
    • v4.0
    • Hide

      1. Call New-SelfSignedCertificate
      2. ./mongo.exe --ssl --sslCertificateSelector thumbprint=<thumbprint>

      Show
      1. Call New-SelfSignedCertificate 2. ./mongo.exe --ssl --sslCertificateSelector thumbprint=<thumbprint>
    • Security 2019-03-11

    Description

      When MongoD loads a certificate from the Windows certificate store, it verifies there is a accessible private key to give users a clear error. This works correctly for CryptAPI created certificates but not CNG created certificates.

      Additionally, we should warn users that if we get NTE_BAD_KEYSET, they need to fix their permissions on the private key when we load a CNG certificate.

      Attachments

        Activity

          People

            mark.benvenuto@mongodb.com Mark Benvenuto
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: