[DOCS-13163] [CM] Doc incorrectly suggests sslTrustedMMSServerCertificate to be used for agent to mongodb TLS connection Created: 23/Oct/19 Updated: 29/Oct/23 Resolved: 25/Oct/19 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | Cloud Manager |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | Dmitry Ryabtsev | Assignee: | Melissa Mahoney |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: | |
| Days since reply: | 4 years, 15 weeks, 6 days ago |
| Description |
DescriptionIn the Configure MongoDB Agent to Use TLS article the doc incorrectly suggests that sslTrustedMMSServerCertificate needs to be set for agent-to-MongoDB TLS connectivity. This is incorrect. The sslTrustedMMSServerCertificate defines the location of the PEM file that should be used for validation of the certificate the Cloud Manager HTTPS server presents to the agents when they talk to it. For agent-to-MongoDB connectivity sslTrustedServerCertificate needs to be used instead. In fact, the documentation for Ops Manager appears to be more accurate in that regard. Scope of changesImpact to Other DocsMVP (Work and Date)Resources (Scope or Design Docs, Invision, etc.) |
| Comments |
| Comment by Githook User [ 25/Oct/19 ] |
|
Author: {'name': 'Melissa Mahoney', 'username': 'melissamahoney-mongodb', 'email': 'melissa.mahoney@mongodb.com'}Message: ( |
| Comment by Melissa Mahoney [ 24/Oct/19 ] |
|
There is some slight confusion in this ticket, which I have worked with dennis.kuczynski to address. With the MongoDB Agent, you do not have to set the path to your trusted CA certificate in the MongoDB Agent config file. You just need to enable TLS at the deployment level. So I have removed those steps that say to set the path, and the PR is in progress. In regards to the legacy Agents, you do need to set sslTrustedMMSServerCertificate for the legacy Automation Agent and sslTrustedServerCertificate for the legacy Monitoring Agent. That documentation is correct and remains unchanged. |