Description
In SERVER-37296, an external user was trying to setup KMIP and had trouble with his certificate in a way that ended up being difficult for him to troubleshoot.
He asked (indirectly) if we could provide a link or text include from the KMIP setup page to the TLS documentations, specifically highlighting this paragraph:
The mongo shell verifies that the hostname (specified in --host option or the connection string) matches the SAN (or, if SAN is not present, the CN) in the certificate presented by the mongod or mongos. If SAN is present, mongo does not match against the CN. If the hostname does not match the SAN (or CN), the mongoshell will fail to connect.
Scope of changes
Impact to Other Docs
MVP (Work and Date)
Resources (Scope or Design Docs, Invision, etc.)
|