[DOCS-11426] Docs for SERVER-32980: Add certificate selector for Apple for SecureTransport Created: 08/Mar/18 Updated: 29/Oct/23 Resolved: 27/Jun/18 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual |
| Affects Version/s: | None |
| Fix Version/s: | 3.7.2, 3.7.3 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Kay Kim (Inactive) | Assignee: | Susan Kerschbaumer (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||
| Days since reply: | 5 years, 6 days ago | ||||||||||||||||||||||||
| Epic Link: | DOCS: 4.0 Server | ||||||||||||||||||||||||
| Story Points: | 1 | ||||||||||||||||||||||||
| Description |
Documentation Request Summary:This implements the user-facing piece of PM-305's certificate selector specification. Apple and Windows implementations still need to handle the values which will come in later commits. Engineering Ticket Description:The new option will be called a “Certificate Selector” for each option used to read a PEM file today. No new options will be used to read CA certs or CRL lists as these will be retrieved from the system certificate store by the native SSL library automatically. Both platforms will check OCSP for CRLs.
It is a startup error to specify a certificate selector and file for the same parameter. The format of the certificate selector is: <certificate property>=<value> The following certificate properties are supported:
The property names are case-sensitive. For subject name, the match is exact, case-sensitive string match. Only one property may be specified in a search. In the case of two or more certificates matching the same search criteria, the certificate returned is undefined, and depends on the OS behavior. Scope of changes:
The approach will be to add a reference to the Apple/Windows options everytime we reference configuring a .pem file. Possible implicated files are: https://docs.mongodb.com/manual/tutorial/configure-ssl/ https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/index.html https://docs.mongodb.com/manual/tutorial/upgrade-cluster-to-ssl/index.html
Impact to other docs outside of this product:MVP:Resources: |
| Comments |
| Comment by Githook User [ 07/Feb/19 ] |
|
Author: {'name': 'Kay Kim', 'email': 'kay.kim@mongodb.com'}Message: |
| Comment by Githook User [ 07/Feb/19 ] |
|
Author: {'name': 'Kay Kim', 'email': 'kay.kim@mongodb.com'}Message: |
| Comment by Githook User [ 26/Jun/18 ] |
|
Author: {'username': 'kay-kim', 'name': 'kay', 'email': 'kay.kim@10gen.com'}Message: |
| Comment by Githook User [ 26/Jun/18 ] |
|
Author: {'username': 'kay-kim', 'name': 'kay', 'email': 'kay.kim@10gen.com'}Message: |
| Comment by Githook User [ 26/Jun/18 ] |
|
Author: {'username': 'kay-kim', 'name': 'kay', 'email': 'kay.kim@10gen.com'}Message: |
| Comment by Githook User [ 26/Jun/18 ] |
|
Author: {'username': 'skerschb', 'name': 'skerschb', 'email': 'sue.kerschbaumer@10gen.com'}Message: |
| Comment by Githook User [ 26/Jun/18 ] |
|
Author: {'username': 'skerschb', 'name': 'skerschb', 'email': 'sue.kerschbaumer@10gen.com'}Message: |