[DOCS-15170] Mention that AA uses both server PEM and agent PEM if cluster auth mode is X509 Created: 14/Mar/22 Updated: 29/Oct/23 Resolved: 31/Mar/22 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | 4.4.5 |
| Fix Version/s: | None |
| Type: | Task | Priority: | Minor - P4 |
| Reporter: | Lungang Fang | Assignee: | James Sanchez (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: | |
| Days since reply: | 1 year, 45 weeks ago |
| Description |
|
If the Cluster Auth Mode (internal authentication mode) is set to X509. In addition to connecting using the agent PEM configured in the Ops Manager web UI, Automation Agent will all establish connections using the internal auth configuration, i.e. connecting using the server PEM. This results warning message "Client connecting with server's own TLS certificate" in mongod log files. This might confuse security admins as they may not expect the such connections. Hence I'd suggest this mentioned in the documentation (perhaps https://docs.opsmanager.mongodb.com/current/tutorial/enable-x509-authentication-for-group/) to avoid confusion. |
| Comments |
| Comment by Githook User [ 30/Mar/22 ] |
|
Author: {'name': 'mongodbchez', 'email': '90717131+mongodbchez@users.noreply.github.com', 'username': 'mongodbchez'}Message:
|
| Comment by James Sanchez (Inactive) [ 30/Mar/22 ] |
|
LGTM from lungang.fang via Slack convo. Merging |
| Comment by James Sanchez (Inactive) [ 30/Mar/22 ] |
|
Hi lungang.fang the pr https://github.com/10gen/mms-docs/pull/4342 is ready for tech review. TY |