[DOCS-3701] mongo shell --sslCAFile needs more explanation Created: 03/Jul/14 Updated: 16/Mar/15 Resolved: 25/Aug/14 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual |
| Affects Version/s: | None |
| Fix Version/s: | v1.3.10 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Cory Mintz | Assignee: | Michael Paik |
| Resolution: | Done | Votes: | 0 |
| Labels: | security-review | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Participants: | |||||||||||||
| Days since reply: | 9 years, 25 weeks, 2 days ago | ||||||||||||
| Description |
|
The docs page for connecting to a SSL-enabled mongod (http://docs.mongodb.org/manual/tutorial/configure-ssl-clients/) does not explain the importance of the --sslCAFile flag. Without it there is no verification of the server certificate. |
| Comments |
| Comment by Githook User [ 25/Aug/14 ] |
|
Author: {u'username': u'mpaik', u'name': u'Michael Paik', u'email': u'michael.paik@10gen.com'}Message: Signed-off-by: Sam Kleinman <samk@10gen.com> |
| Comment by Githook User [ 25/Aug/14 ] |
|
Author: {u'username': u'mpaik', u'name': u'Michael Paik', u'email': u'michael.paik@10gen.com'}Message: Signed-off-by: Sam Kleinman <samk@10gen.com> |
| Comment by Githook User [ 25/Aug/14 ] |
|
Author: {u'username': u'mpaik', u'name': u'Michael Paik', u'email': u'michael.paik@10gen.com'}Message: Signed-off-by: Sam Kleinman <samk@10gen.com> |
| Comment by Githook User [ 22/Aug/14 ] |
|
Author: {u'username': u'tychoish', u'name': u'Sam Kleinman', u'email': u'samk@10gen.com'}Message: |
| Comment by Githook User [ 22/Aug/14 ] |
|
Author: {u'username': u'mpaik', u'name': u'Michael Paik', u'email': u'michael.paik@10gen.com'}Message: |
| Comment by Githook User [ 22/Aug/14 ] |
|
Author: {u'username': u'tychoish', u'name': u'Sam Kleinman', u'email': u'samk@10gen.com'}Message: |
| Comment by Githook User [ 22/Aug/14 ] |
|
Author: {u'username': u'mpaik', u'name': u'Michael Paik', u'email': u'michael.paik@10gen.com'}Message: |
| Comment by Andreas Nilsson [ 03/Jul/14 ] |
|
I agree 100%. Btw, the server emits a warning if starting without the sslCAFile parameter but enabling SSL. There is an existing DOCS ticket to improve the SSL docs page, especially talking about our incorrect focus on self-signed certificates. This should probably be linked to that ticket. |