Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-39571

mongod cannot verify certificates from the CNG provider

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.0.7, 4.1.9
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Fully Compatible
    • ALL
    • v4.0
    • Hide

      1. Call New-SelfSignedCertificate
      2. ./mongo.exe --ssl --sslCertificateSelector thumbprint=<thumbprint>

      Show
      1. Call New-SelfSignedCertificate 2. ./mongo.exe --ssl --sslCertificateSelector thumbprint=<thumbprint>
    • Security 2019-03-11

      When MongoD loads a certificate from the Windows certificate store, it verifies there is a accessible private key to give users a clear error. This works correctly for CryptAPI created certificates but not CNG created certificates.

      Additionally, we should warn users that if we get NTE_BAD_KEYSET, they need to fix their permissions on the private key when we load a CNG certificate.

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: