[DOCS-2972] Highlight self-signed certificates are susceptible to MITM attacks Created: 24/Mar/14  Updated: 11/Jan/17  Resolved: 24/Mar/14

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 01112017-cleanup

Type: Improvement Priority: Major - P3
Reporter: Anil Kumar Assignee: Kay Kim (Inactive)
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates DOCS-2926 Update the SSL tutorial's information... Closed
Related
Participants:
Days since reply: 9 years, 47 weeks, 2 days ago

 Description   

http://docs.mongodb.org/manual/tutorial/configure-ssl/ starts off with setting up MongoD and MongoS with SSL using a self-signed certificates without high-lighting the risks with self-signed certificates i.e. being susceptible to MITM attacks.

A security aware person may know the differences and make appropriate choices to have a verified SSL setup, but most of our users depend on documentation to highlight any such risks. This came up recently in the linked CS ticket and I believe adding some warning there and to mention that using self-signed certificate is not something we suggest for normal deployment would be useful.

In it's current form, it looks like we suggest using self-signed certificates (since we are providing steps to create one without any further warning).


Generated at Thu Feb 08 07:44:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.