[DOCS-12092] Improve KMIP CN/SAN Documentation Created: 27/Sep/18  Updated: 30/Oct/23  Resolved: 13/Nov/18

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Improvement Priority: Major - P3
Reporter: Gregory McKeon (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-37296 Did KMIP CN requirement change to SAN? Closed
Participants:
Days since reply: 5 years, 13 weeks, 1 day ago
Epic Link: DOCSP-1769

 Description   

Description

Quoting from a user: 

I see, so the issue here was my understanding and documentation. Since my only interaction with MongoDB deployment is doing KMIP setup, I never ventured into the MongoDB client TLS documentation. After looking through the docs, this section from TLS:

The mongo shell verifies that the hostname (specified in --host option or the connection string) matches the SAN (or, if SAN is not present, the CN) in the certificate presented by the mongod or mongos. If SAN is present, mongo does not match against the CN. If the hostname does not match the SAN (or CN), the mongoshell will fail to connect.

Would be amazing to have in the KMIP section. Definitely spent a fair amount of time doing horrible workarounds to have matching CNs because I didn't realize there was SAN support (all errors had indicated CN in my case).

Carry on.

Scope of changes

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12092: add SAN/CN blurb to another section
Branch: master
https://github.com/mongodb/docs/commit/9a53d719cf44fa09178779ea1ad95c960ea4587f

Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12092: add SAN/CN blurb to another section
Branch: v3.6
https://github.com/mongodb/docs/commit/6b5afaae93411ec8fcd49906fb8e28e5fdd7376e

Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12092: add SAN/CN blurb to another section
Branch: v4.0
https://github.com/mongodb/docs/commit/cfb02eb31bdd6cb575efdf58b8fe24a594576af7

Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12092: spell out SAN and CN
Branch: v3.6
https://github.com/mongodb/docs/commit/8f7d1aae76c96fb6d1b785063b321bad8133da42

Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12092: clarify --kmipServerName and KMIP server certificate
Branch: v3.6
https://github.com/mongodb/docs/commit/1ab75bef93f2306e1aff87e59027b4ed2f847a9e

Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12092: spell out SAN and CN
Branch: v4.0
https://github.com/mongodb/docs/commit/3b8a31a9c73c978f02eb6a0927ece82581a2953d

Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12092: clarify --kmipServerName and KMIP server certificate
Branch: v4.0
https://github.com/mongodb/docs/commit/1741083ddbc45068c863116f0b6fbd80084ce068

Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12092: spell out SAN and CN
Branch: master
https://github.com/mongodb/docs/commit/e50d63852ea989c888a134d47e0690be9be4c0b9

Comment by Githook User [ 13/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12092: clarify --kmipServerName and KMIP server certificate
Branch: master
https://github.com/mongodb/docs/commit/944710f6640b6a20646e873f8f0c07c8f1d2e8d4

Comment by Kay Kim (Inactive) [ 23/Oct/18 ]

No worries.  And it is

Comment by Gregory McKeon (Inactive) [ 23/Oct/18 ]

Assigned the ticket, because I wasn't sure if unassigned is allowed in DOCS.

Generated at Thu Feb 08 08:04:23 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.