[DOCS-5504] X509: User certificates and server certificates should have different DC-OU-O combinations

Created: 27/May/15
Updated: 11/Jan/17
Resolved: 28/May/15

Status: Closed
Project: Documentation
Component/s: Server
Affects Version/s: None
Fix Version/s: 01112017-cleanup

Type: Task
Priority: Major - P3
Reporter: Alexander Komyagin
Assignee: Kay Kim (Inactive)
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-15459 Check new X509 user names against _cl... Closed

 Description   

We should explicitly warn users that when they create app certificates, they should use a different DC-OU-O combination than they used for server certificates.

Since we are using the DC-OU-O part of the cert subject name to detect internal connections in the replica set, any user that has the same DC-OU-O combination in his certificate will be treated as the internal user (i.e. __system) and he will get wrong privileges.
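
The collision described above can be checked for before client certificates are issued. The following is an added example, not MongoDB's code: the subject strings are constructed, and the comparison rule (an order-insensitive, case-insensitive match on the DC, OU and O values) is an assumption about how "same combination" is decided. It handles single-character backslash escapes only, not hex escapes or quoted values.

```python
from collections import Counter

CLUSTER_ATTRS = {"DC", "OU", "O"}  # the subject attributes the ticket names

def split_rdns(dn):
    """Split on unescaped ',' and '+', resolving single-char backslash escapes."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])
            i += 2
            continue
        if dn[i] in ",+":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return [p for p in parts if p.strip()]

def parse_subject(dn):
    """Return (TYPE, value) pairs from an RFC 4514-style subject string."""
    pairs = []
    for part in split_rdns(dn):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def cluster_identity(dn):
    # Assumption: order-insensitive, case-insensitive comparison of values.
    return Counter((a, v.casefold()) for a, v in parse_subject(dn)
                   if a in CLUSTER_ATTRS)

def audit(client_dns, server_dn):
    """Return client subjects whose DC-OU-O combination equals the server's."""
    server = cluster_identity(server_dn)
    return [dn for dn in client_dns if server and cluster_identity(dn) == server]

# Constructed sample subjects, not taken from any real deployment.
SERVER = "CN=node1,OU=Database,O=Example Corp,DC=example,DC=net"
CLIENTS = [
    "CN=app1,OU=Database,O=Example Corp,DC=example,DC=net",    # same combination
    "CN=app2,OU=AppClients,O=Example Corp,DC=example,DC=net",  # different OU
    "CN=app3,DC=net,DC=example,O=example corp,OU=Database",    # reordered, recased
]

if __name__ == "__main__":
    for dn in audit(CLIENTS, SERVER):
        print("client subject shares the server DC-OU-O:", dn)
```

Any subject this reports should be reissued with a distinct O, OU or DC value before the certificate is used for client authentication.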



 Comments   
Comment by Githook User [ 28/May/15 ]

Author: kay (kay-kim) <kay.kim@10gen.com>

Message: DOCS-5504 x509 client certificates subject must differ from server certificates
Branch: master
https://github.com/mongodb/docs/commit/a57805269a00ac5be9d4c247e25279d044f1f0ea

Comment by Githook User [ 28/May/15 ]

Author: kay (kay-kim) <kay.kim@10gen.com>

Message: DOCS-5504 x509 client certificates subject must differ from server certificates
Branch: v2.6
https://github.com/mongodb/docs/commit/07fa06742216389d0b7c0b1acf5575847f7cdb33

Generated at Thu Feb 08 07:50:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.