[DOCS-11643] Proxy Server PEM File documentation for Queryable Restores omits mention of the private key Created: 23/Apr/18  Updated: 29/Oct/23  Resolved: 07/May/18

Status: Closed
Project: Documentation
Component/s: Cloud Manager, Ops Manager
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Mariano Escribano Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 5 years, 40 weeks, 2 days ago
Epic Link: DOCSP-1743

 Description   

The prerequisites section of the documentation for queryable restores references a PEM file that needs to be configured, though the only way to get any details of what this file should be is by clicking on the field name itself which links to the configuration reference here.

The description for this parameter is then unclear about what the PEM file should contain, and simply states:

The Certificate Authority (CA) PEM file that contains one or more trusted certificates. Corresponds to brs.queryable.pem in the configuration file setting.

Somewhere here we should mention that this CA PEM file should contain both the public certificate, as well as the private key, and look something like:

-----BEGIN CERTIFICATE-----
...truncated...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...truncated...
-----END RSA PRIVATE KEY-----

Without this clarification, we have to add an additional note every time we link to the docs for enabling queryable restores. Otherwise, the customer may think that it is enough to have just the public certificate in the pem file, as is normal for every other mongod or Ops Manager config where the CA.pem file does not need to contain the key.

Here is an error from Ops Manager if it is unclear where I got this requirement from:

2018-04-23T23:12:57.690+0000 [ProxyServer-25999] ERROR com.xgen.svc.brs.web.svc.BackupSnapshotQuerySvc [BackupSnapshotQuerySvc.java.reloadPEM:132] - Failed to load PEM file for backup tunnel.
java.lang.RuntimeException: Certificate and private key must be in PEM file. File: /etc/ssl/certs/ca.pem



 Comments   
Comment by Githook User [ 07/May/18 ]

Author:

{'email': 'kay.kim@10gen.com', 'name': 'kay', 'username': 'kay-kim'}

Message: DOCS-11643: PEM key file clarification
Branch: v3.6
https://github.com/10gen/mms-docs/commit/b97562b0c42113a7ed579403201792a9de265ca1

Comment by Githook User [ 07/May/18 ]

Author:

{'email': 'kay.kim@10gen.com', 'name': 'kay', 'username': 'kay-kim'}

Message: DOCS-11643: PEM key file clarification
Branch: master
https://github.com/10gen/mms-docs/commit/aa0fb90aee09026864571da01319bc5607830bb2

Generated at Thu Feb 08 08:03:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.