[SERVER-80741] Support rotating TLS certificates used by the gRPC server Created: 05/Sep/23 Updated: 29/Oct/23 Resolved: 23/Oct/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.2.0-rc0 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Patrick Freed | Assignee: | Erin McNulty |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Service Arch 2023-10-02, Service Arch 2023-10-16, Service Arch 2023-10-30 |
| Participants: |
| Description |
|
The current gRPC Server implementation only supports reading a certificate at startup and using it for the duration of its lifetime. We should extend this to allow rotating certificates without restarting the server through the rotateCertificates command, similar to what can be done today with asio. See the design for details. https://www.mongodb.com/docs/manual/reference/command/rotateCertificates/ |
| Comments |
| Comment by Githook User [ 20/Oct/23 ] |
|
Author: {'name': 'Erin McNulty', 'email': 'erin.mcnulty@mongodb.com', 'username': 'erin2722'}Message: |