A significant hurdle to getting certain software accredited is removing all cleartext passwords from persistent storage on systems. As such, using a mongod startup script that included "--sslPEMKeyPassword <yourpassword>" would be a violation. The most straightforward solution to get around this would probably be allowing for interactive password entry whenever it isn't specified in SSL mode.
- is related to
-
DOCS-1984 Document: alternate password entry mechanism for PEM key
- Closed
- related to
-
SERVER-8727 Speculative - possible to recover certificate password with gdb?
- Closed