[DOCS-12329] Docs for SERVER-38430: Rename tlsPEMKeyFile and tlsPEMKeyPassword in client and server Created: 07/Jan/19  Updated: 13/Nov/23  Resolved: 15/Feb/19

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 4.1.6, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Kay Kim (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-37962 Create tlsMode setParameter Closed
documents SERVER-38430 Rename tlsPEMKeyFile and tlsPEMKeyPas... Closed
Gantt Dependency
has to be done before DOCS-12188 Docs for SERVER-37833: Make DBClient ... Closed
Participants:
Days since reply: 4 years, 51 weeks, 5 days ago
Epic Link: DOCS: 4.2 Server/Tools

 Description   

Description

Description:

This renames the TLS certificate file options to match the correspond to their names in the Mongo URI spec.

Engineering Ticket Description:

To unify with mongodb:// URI options, we'll rename the tlsPEMKeyFile/tlsPEMKeyPassword to tlsCertificateKeyFile/tlsCertificateKeyFilePassword.

Also, since tlsPEMKeyFile/Password were only just introduced in the 4.1 dev branch (renamed from ssl*), we'll remove the tlsPEMKeyFile/Password settings entirely, leaving only the ssl* variants as deprecated aliases.

The idl definitions in ssl_options_server.idl and ssl_options_client.idl would thus look like:

  "net.tls.certificateKeyFile":       # Changed from "net.tls.PEMKeyFile"
    description: "PEM file for TLS"
    short_name: tlsCertificateKeyFile   # Changed from "tlsPEMKeyFile"
    deprecated_name: "net.ssl.PEMKeyFile"
    deprecated_short_name: sslPEMKeyFile
    arg_vartype: String
  "net.tls.certificateKeyFilePassword":      # Changed form "net.tls.PEMKeyPassword"
    description: "PEM file password"
    short_name: tlsCertificateKeyFilePassword       # Changed from: tlsPEMKeyPassword
    deprecated_name: "net.ssl.PEMKeyPassword"
    deprecated_short_name: sslPEMKeyPassword
    arg_vartype: String
    cpp_varname: sslGlobalParams.sslPEMKeyPassword
    implicit: ''

Scope of changes

  • 4.2
  • 4.2-compat (not sure if we want to explicitly call out the name change – currently, we just state tls override ssl)
  • connection-string (Need to add the tls options)
  • mongod options + mongod + mongos
  • config file options + config file  + configuration-file-settings-command-line-options-mapping
  • mongo options + mongo
    • Add all the tls options (note: mongo shell options are missing all the tls options, need to add all and deprecate ssl options)
    • mongo ssl references
  • source/core/security-internal-authentication.txt
  • source/core/security-x.509.txt
  • tutorials
    • source/tutorial/configure-ssl-clients.txt
    • source/tutorial/configure-ssl.txt
    • source/tutorial/configure-fips.txt
    • source/tutorial/configure-x509-client-authentication.txt
    • source/tutorial/configure-x509-member-authentication.txt
    • source/tutorial/upgrade-cluster-to-ssl.txt
    • source/tutorial/upgrade-keyfile-to-x509.txt
    • source/appendix/security/appendixB-openssl-server.txt
    • source/appendix/security/appendixC-openssl-client.txt
  • references
    • source/reference/expansion-directives.txt - since new page for 4.2, not even going to reference old sslpem
    • source/reference/parameters.txt
      • add examples using tls
      • add tlsMode param and link to and from sslMode param
    • source/reference/command/serverStatus.txt
  • source/includes/extracts-tls-facts.yaml
  • source/includes/extracts-x509-certificate.yaml
  • Upgrades - post upgrade, update options
  • Downgrade - update the options before downgrading

note The following programs are on the old sslOptions (i.e. not even tls options – for those that take uri, will need to note that they don't support the new tls options in the uri string)

  • source/reference/program/mongodump.txt
  • source/reference/program/mongoexport.txt
  • source/reference/program/mongofiles.txt
  • source/reference/program/mongoimport.txt
  • source/reference/program/mongorestore.txt
  • source/reference/program/mongostat.txt
  • source/reference/program/mongotop.txt

check references for mongo-shell-ssl

Impact to Other Docs

Probably if cloud products explose the tls options, including in connection strings, (but should come from those cloud product tickets)

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Githook User [ 15/Feb/19 ]

Author:

{'name': 'Kay Kim', 'email': 'kay.kim@mongodb.com'}

Message: DOCS-12329: tlsCertificateKeyFile and tlsCertificateKeyFilePassword
Branch: master
https://github.com/mongodb/docs/commit/93d44527161d451c000e7ba011c246644ebafa1f

Generated at Thu Feb 08 08:04:58 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.