[SERVER-72234] System-wide CA certificate store not used Created: 19/Dec/22 Updated: 08/Feb/23 Resolved: 17/Jan/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 6.0.3 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Wernfried Domscheit | Assignee: | Yuan Fang |
| Resolution: | Done | Votes: | 0 |
| Labels: | TLS/SSL |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Assigned Teams: | Server Security |
| Operating System: | ALL |
| Sprint: | Security 2023-01-23 |
| Participants: | |
| Description |
|
My configuration looks like this:
Documentation says: If --tlsCAFile or tls.CAFile is not specified and you are not using x.509 authentication, the system-wide CA certificate store will be used when connecting to a TLS-enabled server. If using x.509 authentication, -
Despite this, the logfile shows this warning at startup:
So, either the documentation is wrong, or mongod failed to use the system-wide CA certificate store.
|
| Comments |
| Comment by Yuan Fang [ 17/Jan/23 ] |
|
Hi wernfried.domscheit@sunrise.net, Thank you for bringing this issue to our attention. We greatly appreciate your patience as we investigate. Based on the information you provided, it appears that the node utilizes the system-wide CA certificate store for server certificate validation. However, the warning message may have caused confusion regarding client certificate validation. To address this, we have filed a follow-up ticket, Regards, |