[DOCS-13163] [CM] Doc incorrectly suggests sslTrustedMMSServerCertificate to be used for agent to mongodb TLS connection Created: 23/Oct/19  Updated: 29/Oct/23  Resolved: 25/Oct/19

Status: Closed
Project: Documentation
Component/s: Cloud Manager
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Critical - P2
Reporter: Dmitry Ryabtsev Assignee: Melissa Mahoney
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 4 years, 15 weeks, 6 days ago

 Description   

Description

In the Configure MongoDB Agent to Use TLS article the doc incorrectly suggests that sslTrustedMMSServerCertificate needs to be set for agent-to-MongoDB TLS connectivity.

This is incorrect. The sslTrustedMMSServerCertificate defines the location of the PEM file that should be used for validation of the certificate the Cloud Manager HTTPS server presents to the agents when they talk to it.

For agent-to-MongoDB connectivity sslTrustedServerCertificate needs to be used instead. In fact, the documentation for Ops Manager appears to be more accurate in that regard.

Scope of changes

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Githook User [ 25/Oct/19 ]

Author:

{'name': 'Melissa Mahoney', 'username': 'melissamahoney-mongodb', 'email': 'melissa.mahoney@mongodb.com'}

Message: (DOCS-13163): Incorrect TLS setting for Agent-to-MDB connections
Branch: master
https://github.com/10gen/mms-docs/commit/ec6efc816860f7bf2f16c159f1b87f9de137966d

Comment by Melissa Mahoney [ 24/Oct/19 ]

There is some slight confusion in this ticket, which I have worked with dennis.kuczynski to address.

With the MongoDB Agent, you do not have to set the path to your trusted CA certificate in the MongoDB Agent config file. You just need to enable TLS at the deployment level. So I have removed those steps that say to set the path, and the PR is in progress.

In regards to the legacy Agents, you do need to set sslTrustedMMSServerCertificate for the legacy Automation Agent and sslTrustedServerCertificate for the legacy Monitoring Agent. That documentation is correct and remains unchanged.

Generated at Thu Feb 08 08:07:06 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.