[SERVER-32054] Client connect without client cert Created: 06/Nov/17  Updated: 17/Dec/17  Resolved: 21/Nov/17

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Minor - P4
Reporter: Karsten [X] Assignee: Mark Agarunov
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

How to connect from SSL via Client to Mongodb with requireSSL , without and Client Cert. We only have the RootCa zert and Issuere. CAFile.
Do we realy need to set allowInvalidCert ?


Participants:

 Comments   
Comment by Mark Agarunov [ 21/Nov/17 ]

Hello Engstler,

Thank you for the report. Due to the way x509 authentication and verification works, the hostname specified by -host either needs to match the CA or SAN field, or it will be considered invalid and -sslAllowInvalidCertificates will be required. This is due to how x509 and SSL are designed, not something specific to MongoDB.

Thanks,
Mark

Generated at Thu Feb 08 04:29:02 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.