[DOCS-5317] Explain need for --host option when using SSL Created: 30/Apr/15  Updated: 30/Oct/23  Resolved: 02/May/16

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: mongodb-3.0
Fix Version/s: Server_Docs_20231030

Type: Bug Priority: Major - P3
Reporter: Eric Sommer Assignee: Allison Reinheimer Moore
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to DOCS-5318 Update with new 3.0 options to SSL Co... Closed
Participants:
Days since reply: 7 years, 41 weeks, 2 days ago

 Description   

http://docs.mongodb.org/manual/reference/program/mongo/

3.0 has new option sslAllowInvalidHostnames, which is documented. What doesn't appear to be documented in 3.0's new handling of hostname validation when --sslAllowInvalidHostnames is not used:

  • mongod will check that the hostname of the host to which the connection was made matches the hostname in the certificate
  • if --host is not specified on the command line, the mongo shell will succeed in connecting to the default of 127.0.0.1/localhost, but that will likely not match the hostname in the certificate, causing the authentication to fail with error "The server certificate does not match the host name"


 Comments   
Comment by Githook User [ 02/May/16 ]

Author:

{u'username': u'schmalliso', u'name': u'Allison Moore', u'email': u'allison.moore@10gen.com'}

Message: DOCS-5317: adds details to mongo --host for ssl handling

Signed-off-by: kay <kay.kim@10gen.com>
Branch: master
https://github.com/mongodb/docs/commit/fa02d9ebbfd45ce04869734246e2ba9610aba243

Comment by Githook User [ 02/May/16 ]

Author:

{u'username': u'schmalliso', u'name': u'Allison Moore', u'email': u'allison.moore@10gen.com'}

Message: DOCS-5317: adds details to mongo --host for ssl handling

Signed-off-by: kay <kay.kim@10gen.com>
Branch: v3.0
https://github.com/mongodb/docs/commit/6ca064b7d298b04f4cbb9dcaa3b677162dc69def

Generated at Thu Feb 08 07:50:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.