[SERVER-15556] Verify CA validity Created: 07/Oct/14  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 1
Labels: 28qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security

 Description   

Even though providing a Certificate Authority is required, no attempts are made to enforce that it is still valid.

openssl genrsa -out CAPCA.key 2048
openssl req -x509 -new -nodes -key CAPCA.key -out CAPCA.pem -subj "/C=US/ST=California/OU=CAPRoot/L=Palo Alto/CN=127.0.0.1" -days -1
openssl req -new -newkey rsa:1024 -nodes -out Bongo.req -keyout Bongo.key -subj "/C=US/ST=California/OU=CAP/L=Palo Alto/CN=127.0.0.1" -days 2
openssl x509 -CA CAPCA.pem -CAkey CAPCA.key -CAcreateserial -req -in Bongo.req -out Bongo.pem -days 2
cat Bongo.key Bongo.pem > combined.pem
mongod --sslMode requireSSL --sslPEMKeyFile combined.pem --sslCAFile CAPCA.pem --smallfiles --dbpath /tmp --port 2000
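
A pre-flight check an operator can run on the file passed to --sslCAFile before starting mongod, since the report above says the server does not check it. This is an added example, not part of the ticket or of MongoDB's code; the function name ca_file_valid and its optional threshold argument are hypothetical, and it checks expiry (notAfter) only.

```shell
#!/bin/sh
# Added example (not from the ticket). ca_file_valid and its MIN_SECONDS
# argument are hypothetical names chosen for this illustration.
#
# ca_file_valid FILE [MIN_SECONDS]
#   0  every certificate in FILE is still unexpired MIN_SECONDS from now
#   1  at least one certificate is expired or expires within MIN_SECONDS
#   2  FILE is unreadable or contains no PEM certificate
ca_file_valid() {
    ca_file=$1
    min_seconds=${2:-0}
    [ -r "$ca_file" ] || { echo "cannot read $ca_file" >&2; return 2; }

    tmpdir=$(mktemp -d) || return 2
    # A CA file may hold several PEM certificates, and openssl x509 reads
    # only the first one, so split the bundle into one file per certificate.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$ca_file"

    status=0
    count=0
    for cert in "$tmpdir"/cert*.pem; do
        [ -e "$cert" ] || break
        count=$((count + 1))
        # -checkend N exits non-zero if the certificate expires within N seconds.
        if ! openssl x509 -in "$cert" -noout -checkend "$min_seconds" >/dev/null 2>&1; then
            info=$(openssl x509 -in "$cert" -noout -subject -enddate 2>/dev/null | tr '\n' ' ')
            echo "CA certificate fails expiry check (${min_seconds}s): $info" >&2
            status=1
        fi
    done
    rm -rf "$tmpdir"
    [ "$count" -gt 0 ] || { echo "no certificates found in $ca_file" >&2; return 2; }
    return $status
}

# Usage with the file names from the report:
#   ca_file_valid CAPCA.pem && mongod --sslMode requireSSL \
#       --sslPEMKeyFile combined.pem --sslCAFile CAPCA.pem ...
```

Passing a threshold such as 2592000 (30 days) turns the same check into an early warning for a CA that is about to expire.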

