[SERVER-47963] Investigate intermediate CA certificates on Windows Created: 05/May/20  Updated: 29/Oct/23  Resolved: 20/Nov/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.9.0

Type: Task Priority: Major - P3
Reporter: Shreyas Kalyan Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-52923 Warn users about certificate chains b... Closed
related to SERVER-53016 Complete TODO listed in SERVER-47963 Closed
related to SERVER-55074 Add warning message to OCSP Fetcher w... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2020-11-30
Participants:

 Description   

OpenSSL accepts this configuration and proceeds with the TLS Connection, whereas windows does not. We should investigate whether we can unify the behavior between platforms or provide a guarantee on what configurations we support.

Chain: Root -> Int -> Server Leaf
Chain 2: Root -> Client Leaf

Server: CA-> Root + Int; PEM-> Server Leaf
Client: CA-> Root; PEM-> Client Leaf



 Comments   
Comment by Githook User [ 20/Nov/20 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-47963 Support intermediate certs in the ca file on Windows
Branch: master
https://github.com/mongodb/mongo/commit/b0b5daf545bc71b30304619947ee5bad02ccddb4

Generated at Thu Feb 08 05:15:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.