[DOCS-11607] Docs for SERVER-32979: Add certificate selector for Windows for SChannel Created: 13/Apr/18  Updated: 29/Oct/23  Resolved: 26/Jun/18

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 3.7.4

Type: Task Priority: Major - P3
Reporter: Kay Kim (Inactive) Assignee: Susan Kerschbaumer (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-32979 Add certificate selector for Windows ... Closed
Related
related to DOCS-11522 Docs for SERVER-34139: Add certificat... Closed
Participants:
Days since reply: 5 years, 43 weeks, 5 days ago
Epic Link: DOCS: 4.0 Server

 Description   

Documentation Request Summary:

No documentation summary in engineering ticket

Engineering Ticket Description:

The new option will be called a “Certificate Selector” for each option used to read a PEM file today. No new options will be used to read CA certs or CRL lists as these will be retrieved from the system certificate store by the native SSL library automatically. Both platforms will check OCSP for CRLs.

Existing Option New Option Config Name
sslPEMKeyFile sslCertificateSelector net.ssl.CertificateSelector
sslClusterFile sslClusterCertificateSelector net.ssl.ClusterCertificateSelector
kmipClientCertificateFile kmipClientCertificateSelector security.kmip.ClientCertificateSelector

It is a startup error to specify a certificate selector and file for the same parameter.

The format of the certificate selector is:

<certificate property>=<value>

The following certificate properties are supported:

Property Value Description
subject An ASCII string Matches Subject Name
thumbprint Hex string Matches Thumbprint

The property names are case-sensitive. For subject name, the match is exact, case-sensitive string match. Only one property may be specified in a search. In the case of two or more certificates matching the same search criteria, the certificate returned is undefined, and depends on the OS behavior.

Scope of changes:

Impact to other docs outside of this product:

MVP:

Resources:


Generated at Thu Feb 08 08:03:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.