[DOCS-11689] Require SSL certificate be verifiable with x.509 authentication Created: 11/May/18  Updated: 13/Nov/23  Resolved: 21/Jun/18

Status: Closed
Project: Documentation
Component/s: Server
Affects Version/s: None
Fix Version/s: 3.7.9, 3.2.21, 3.6.6, 3.4.16, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Kay Kim (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-34888 Track status of SSLPeerInfo Closed
Related
Participants:
Days since reply: 5 years, 22 weeks, 5 days ago
Epic Link: DOCS: 4.0 Server
Story Points: 0.5

 Description   

Description:

This change tightens the enforcement of MONGODB-X509 authentication by requiring the SSL certificate be verifiable regardless of the state of the --sslAllowInvalidCertificates setting. This has a not-insignificant chance of breaking existing users who are "doing X509 wrong".

Please consult the linked SECURITY ticket and parties involved when writing any documentation related to this change.

Scope of changes:

  • Settings/options (for all the binaries)
    • sslAllowInvalidCertificates (reference/configuration-options)
  • Parameters page has authenticationMechanisms and clusterAuthMode params – but for now, I think the blurb should be associated with the allow invalid certificates rather than stating in these params because that would be more or less stating that people should use valid certificates
  • x509 tutorials. For now, will only update x509 specific tutorials and skip the general ssl tutorials.

Impact to other docs outside of this product:

BI Connector: https://docs.mongodb.com/bi-connector/current/reference/mongodrdl/index.html

MVP:

Resources:



 Comments   
Comment by Githook User [ 07/Sep/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-11689: x509 and invalid Certificates
Branch: v3.2
https://github.com/mongodb/docs/commit/1eb751dac3ac9006f9f392fab11f0e9de59b36f1

Comment by Githook User [ 12/Jul/18 ]

Author:

{'username': 'kay-kim', 'name': 'kay', 'email': 'kay.kim@10gen.com'}

Message: DOCS-11689: x509 and invalid Certificates
Branch: v3.4
https://github.com/mongodb/docs/commit/79295be0eaeb1f44f7d9288babd1daebeb275fec

Comment by Githook User [ 12/Jul/18 ]

Author:

{'username': 'kay-kim', 'name': 'kay', 'email': 'kay.kim@10gen.com'}

Message: DOCS-11689: x509 and invalid Certificates
Branch: v3.6
https://github.com/mongodb/docs/commit/451d133a211464c2b937d135116ab07a33429ea9

Comment by Githook User [ 21/Jun/18 ]

Author:

{'username': 'kay-kim', 'name': 'kay', 'email': 'kay.kim@10gen.com'}

Message: DOCS-11689: x509 and invalid Certificates
Branch: master
https://github.com/mongodb/docs/commit/abd6fc07d55d137b4f18fecb4d6564c620a61369

Generated at Thu Feb 08 08:03:25 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.