[SERVER-14511] Check Extended Key Usage in mongod SSL certificate on startup Created: 09/Jul/14 Updated: 06/Dec/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.4.5, 2.6.3 |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Alexander Komyagin | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Assigned Teams: |
Server Security
|
||||||||
| Participants: | |||||||||
| Description |
|
If Extended Key Usage is specified, it should contain both "TLS Web Server Authentication" and "TLS Client Server Authentication", because the same cert is being used for creating and accepting internal connections in between the RS members. |