[DOCS-7404] Ops Manager Automation Agent sslTrustedMMSServerCertificate setting, suggest to mention root certificates for mongodb.org/mongodb.com downloads Created: 12/Mar/16  Updated: 29/Apr/19  Resolved: 22/Apr/19

Status: Closed
Project: Documentation
Component/s: Ops Manager
Affects Version/s: ops-manager-2.0.2, ops-manager-3.6, Ops 4.0.5
Fix Version/s: 01112017-cleanup

Type: Improvement Priority: Major - P3
Reporter: Roger McCoy (Inactive) Assignee: Anthony Sansone (Inactive)
Resolution: Done Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: PNG File image-2019-03-10-22-34-17-133.png    
Issue Links:
Related
Sub-Tasks:
Key
Summary
Type
Status
Assignee
DOCS-12653 Backport DOCS-7404 to v4.0 Backport Sub-Task Closed Anthony Sansone  
Participants:
Days since reply: 4 years, 41 weeks, 2 days ago
Epic Link: DOCSP-3126

 Description   

Suggestion for this document, regarding sslTrustedMMSServerCertificate
https://docs.opsmanager.mongodb.com/current/reference/automation-agent/#asetting.sslTrustedMMSServerCertificate

It would be helpful to mention that if MongoDB downloads are to be done from the external network, root certificates for downloads.mongodb.org and downloads.mongodb.com should be included in the file.



 Comments   
Comment by Githook User [ 29/Apr/19 ]

Author:

{'email': 'tony.sansone@mongodb.com', 'name': 'Anthony Sansone', 'username': 'atsansone'}

Message: (DOCS-7404): Add note about cert issues.
Branch: feature/mongodb-agent
https://github.com/10gen/mms-docs/commit/e3a356197fc4d6b3246abb45c0cc2d355dfb03d7

Comment by Githook User [ 26/Apr/19 ]

Author:

{'name': 'Anthony Sansone', 'username': 'atsansone', 'email': 'tony.sansone@mongodb.com'}

Message: (DOCS-12653): Backport DOCS-7404 to v4.0. Add note about cert issues.
Branch: v4.0
https://github.com/10gen/mms-docs/commit/73871166e529b121f28622e83871d8f1032cd53d

Comment by Githook User [ 22/Apr/19 ]

Author:

{'email': 'tony.sansone@mongodb.com', 'name': 'Anthony Sansone', 'username': 'atsansone'}

Message: (DOCS-7404): Add note about cert issues.
Branch: master
https://github.com/10gen/mms-docs/commit/72e17d2060664be866dbbc80a4f6424fc490935c

Comment by Anthony Sansone (Inactive) [ 11/Mar/19 ]

renato.riccio, emilio.scalise: We could say that they need to download the cert for the MongoDB download center and combine it with the CA for their Ops Manager instance if they want Ops Manager to download MongoDB installers from the Internet. We could not get into how to do that because:

  1. It relies entirely on outside tools to complete. (i.e. browser, OpenSSL / certmgr.exe, etc.)
  2. It requires different instructions per tool (i.e. browser) and platform. 
  3. It involves manual steps that can result in odd outcomes (i.e. concatenating .pem files).
  4. The cert for the Agent need to be signed by the CA that signed the MongoDB instance's cert.
  5. We do not document how to create a .PEM/cert file in the documentation.

This gets into the usage of non-MongoDB products a lot more than we would like.

In Chrome alone, the user would need to:

  1. Go to the Download Center and click the lock icon in the address bar.
  2. Click the Details tab of the CA certificate.
  3. Click Copy to File...
  4. Download a DER encoded binary X.509 cert.
  5. Convert that cert from .cer format to .pem format using OpenSSL (Linux) or Certificate Manager (Windows).
  6. Concatenate that CA cert to the CA cert of their MongoDB installs.

That has a lot of variables that would be normally out of scope for our documentation.

I will add the note I explained above to the documentation page you specified.

Thanks!

cc: jonathan.destefano

 

 

Comment by Emilio Scalise [ 19/Feb/19 ]

tony.sansone the issue is still here, and it's current.

I can't see a way to tag it for latest Ops Manager version... can you please check?

Thanks!

Comment by Anthony Sansone (Inactive) [ 18/Feb/19 ]

emilio.scalise, renato.riccio: These tickets were purged as part of a 2700+ ticket closing on 11 Jan 2017. It can be reopened and fixed. Emily left MongoDB early in 2018.

Comment by Emilio Scalise [ 18/Feb/19 ]

emily.hall can you please clarify why this ticket was closed as won't fix?

Thanks.

Generated at Thu Feb 08 07:54:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.