[SERVER-27299] Add the ability to restrict power of Certificate Authorities

Created: 06/Dec/16
Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Admin, Networking, Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Spencer Jackson
Assignee: Backlog - Security Team
Resolution: Unresolved
Votes: 0
Labels: platforms-re-triaged
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams: Server Security

 Description   

Certificate Authorities (CAs) loaded into MongoDB processes are used to validate certificates presented by clients. Client certificates can be used to prove clients were granted a certificate before they connected, to perform client authentication, to perform intra-cluster authentication, or to perform authorization.

It would be useful to be able to restrict how certificates issued by a particular CA, or CAs it has delegated signing authority to, may be used. This could be done by adding a configuration option to MongoDB which would accept a mapping from CA Serial Numbers to the list of actions that the CA may be used for.
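
A sketch of the semantics requested above, added here as an example; it is not MongoDB code, not an existing MongoDB option, and not part of the original ticket. The action names, `load_policy`, `allowed_actions` and the sample serials are hypothetical, and the chain is assumed to have already passed normal X.509 validation.

```python
from dataclasses import dataclass

# Action names are assumptions based on the uses listed in the description.
ALL_ACTIONS = frozenset({"client_auth", "cluster_auth", "authorization"})

@dataclass(frozen=True)
class ChainCert:
    serial: str   # hex serial number, as printed by common X.509 tools
    is_ca: bool

def norm_serial(serial: str) -> str:
    """Canonical form so '0A:1B' and 'a1b' compare equal."""
    return serial.replace(":", "").lower().lstrip("0") or "0"

def load_policy(raw: dict) -> dict:
    """Validate the hypothetical serial -> actions mapping; reject unknown actions."""
    policy = {}
    for serial, actions in raw.items():
        unknown = set(actions) - ALL_ACTIONS
        if unknown:
            raise ValueError(f"unknown actions for CA {serial}: {sorted(unknown)}")
        policy[norm_serial(serial)] = frozenset(actions)
    return policy

def allowed_actions(chain: list, policy: dict) -> frozenset:
    """Actions permitted for the leaf of an already-validated chain (leaf first).

    Each listed CA in the chain narrows the result, so a restriction on a CA
    also binds the CAs it delegated signing authority to. CAs not listed impose
    no restriction (assumption: keeps the current behaviour as the default).
    """
    allowed = ALL_ACTIONS
    for cert in chain[1:]:  # skip the leaf; walk issuers up to the root
        if not cert.is_ca:
            raise ValueError("non-CA certificate in issuer position")
        allowed &= policy.get(norm_serial(cert.serial), ALL_ACTIONS)
    return allowed

# Constructed sample: client leaf, issued by intermediate 2C, issued by root 0A1B.
POLICY = load_policy({"0A:1B": ["client_auth", "authorization"], "2c": ["client_auth"]})
CHAIN = [ChainCert("77", False), ChainCert("2C", True), ChainCert("0a1b", True)]

if __name__ == "__main__":
    print(sorted(allowed_actions(CHAIN, POLICY)))
```

X.509 serial numbers are unique only within a single issuer, so the serial-only key used here follows the ticket's wording; an implementation may need to key on issuer plus serial.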

