<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:10:31 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-14502] Amazon Linux does not trust ISRG Root X1 </title>
                <link>https://jira.mongodb.org/browse/DOCS-14502</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;h2&gt;&lt;a name=&quot;Description&quot;&gt;&lt;/a&gt;Description&lt;/h2&gt;
&lt;p&gt;Amazon Linux AMI does not trust the new ISRG Root X1 root CA.&lt;/p&gt;

&lt;p&gt;Amazon Linux AMI is EOL which is probably why they are not getting the security updates needed to be compatible with ISRG Root X1. But there are many customers still using it, I&apos;ve seen a few support cases opened in the last few days on this and there could be more.&lt;/p&gt;

&lt;p&gt;Some AWS lambda services are still hosted on Amazon Linux AMI, see &lt;a href=&quot;https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Can we add a section in &lt;a href=&quot;https://docs.atlas.mongodb.com/reference/faq/security/#which-certificate-authority-signs-mongodb-atlas-cluster-tls-certificates-&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this doc  &lt;/a&gt; similar to the &quot;Hard-coded Certificate Authority&quot; and the &quot;Java user&quot; section to warn people that if they are on Amazon Linux AMI they should migrate before September to Amazon Linux 2 which supports ISRG Root X1.&lt;/p&gt;

&lt;p&gt;Some context: &lt;br/&gt;
&lt;a href=&quot;https://community.letsencrypt.org/t/confirm-whether-amazon-linux-trust-isrg-root-x1/152464&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://community.letsencrypt.org/t/confirm-whether-amazon-linux-trust-isrg-root-x1/152464&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;&lt;a name=&quot;Scopeofchanges&quot;&gt;&lt;/a&gt;Scope of changes&lt;/h2&gt;

&lt;h2&gt;&lt;a name=&quot;ImpacttoOtherDocs&quot;&gt;&lt;/a&gt;Impact to Other Docs&lt;/h2&gt;

&lt;h2&gt;&lt;a name=&quot;MVP%28WorkandDate%29&quot;&gt;&lt;/a&gt;MVP (Work and Date)&lt;/h2&gt;

&lt;h2&gt;&lt;a name=&quot;Resources%28ScopeorDesignDocs%2CInvision%2Cetc.%29&quot;&gt;&lt;/a&gt;Resources (Scope or Design Docs, Invision, etc.)&lt;/h2&gt;
</description>
                <environment></environment>
        <key id="1756591">DOCS-14502</key>
            <summary>Amazon Linux does not trust ISRG Root X1 </summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="zach.carr@mongodb.com">Zachary Carr</assignee>
                                    <reporter username="jennifer.huang@mongodb.com">Jennifer Huang</reporter>
                        <labels>
                            <label>cet-captain</label>
                    </labels>
                <created>Tue, 25 May 2021 17:05:14 +0000</created>
                <updated>Sun, 29 Oct 2023 13:53:53 +0000</updated>
                            <resolved>Wed, 2 Jun 2021 17:34:08 +0000</resolved>
                                                                    <component>Atlas</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="3854337" author="zach.carr" created="Wed, 2 Jun 2021 17:34:08 +0000"  >&lt;p&gt;Thanks Jennifer! &lt;/p&gt;

&lt;p&gt;&amp;#8211; &lt;/p&gt;

&lt;p&gt;Merged to master.&lt;/p&gt;</comment>
                            <comment id="3854260" author="jennifer.huang" created="Wed, 2 Jun 2021 17:08:38 +0000"  >&lt;p&gt;Thanks &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=zach.carr&quot; class=&quot;user-hover&quot; rel=&quot;zach.carr&quot;&gt;zach.carr&lt;/a&gt; that looks good&lt;/p&gt;</comment>
                            <comment id="3853900" author="zach.carr" created="Wed, 2 Jun 2021 15:18:18 +0000"  >&lt;p&gt;Thanks for reviewing &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jennifer.huang&quot; class=&quot;user-hover&quot; rel=&quot;jennifer.huang&quot;&gt;jennifer.huang&lt;/a&gt; - updated with the date, using your wording. &lt;a href=&quot;https://docs-atlas-staging.mongodb.com/cloud-docs/docsworker-xlarge/DOCSP-14502/reference/faq/security/#amazon-linux-ami-users&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Here&apos;s the staged page&lt;/a&gt; if you want to take another look.&lt;/p&gt;</comment>
                            <comment id="3853136" author="jennifer.huang" created="Wed, 2 Jun 2021 08:08:10 +0000"  >&lt;p&gt;Thanks &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=zach.carr&quot; class=&quot;user-hover&quot; rel=&quot;zach.carr&quot;&gt;zach.carr&lt;/a&gt; for looking into this, I agree not to specify the steps to installing cert manually. &lt;/p&gt;

&lt;p&gt;One thing about the September 2021 deadline for cert switch, I don&apos;t see other mention of the deadline on the page hence, maybe we need to give a little more info about it?&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;If you are using Amazon Linux AMI, you should migrate to Amazon Linux 2 before September 2021 to support ISRG Root X1 certificates and avoid certificate compatibility issues.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;If you are using Amazon Linux AMI, you should migrate to Amazon Linux 2 before September 30 2021, when the support of ISRG Root X1 certificates become mandatory for Atlas to avoid certificate compatibility issues.&lt;/p&gt;</comment>
                            <comment id="3852391" author="zach.carr" created="Tue, 1 Jun 2021 20:42:16 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jennifer.huang&quot; class=&quot;user-hover&quot; rel=&quot;jennifer.huang&quot;&gt;jennifer.huang&lt;/a&gt;, thanks for the detailed ticket. I added an FAQ item in this PR: &lt;a href=&quot;https://github.com/10gen/cloud-docs/pull/2364&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/cloud-docs/pull/2364&lt;/a&gt;, would you mind taking a look to confirm it&apos;s accurate? I left out your manual install steps, both to encourage customers to migrate and to avoid maintaining a procedure. Let me know if you think we need the steps. Thanks!&lt;/p&gt;

&lt;p&gt;If it&apos;s easier to review on this ticket, here&apos;s &lt;a href=&quot;https://docs-atlas-staging.mongodb.com/cloud-docs/docsworker-xlarge/DOCSP-14502/reference/faq/security/#amazon-linux-ami-users&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;the staged view&lt;/a&gt;.&lt;/p&gt;</comment>
                            <comment id="3845352" author="jennifer.huang" created="Thu, 27 May 2021 16:35:30 +0000"  >&lt;p&gt;I can manually install ISRG root CA on Amazon Linux with the following steps:&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Install the ca-certificates package:
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;yum install ca-certificates.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;&lt;/li&gt;
	&lt;li&gt;Enable the dynamic CA configuration feature:
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;update-ca-trust force-enable.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;&lt;/li&gt;
	&lt;li&gt;get the &lt;a href=&quot;https://letsencrypt.org/certs/isrgrootx1.pem&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;ISRG cert&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;Add it as a new file to /etc/pki/ca-trust/source/anchors/:
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;cp isrgrootx1.pem /etc/pki/ca-trust/source/anchors/&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;&lt;/li&gt;
	&lt;li&gt;add it to the server root CA
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;update-ca-trust extract&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;For people really don&apos;t want to migrate to Amazon Linux 2 before end of September they&apos;ll have to manually install the certificate. Not sure what level of details we need to include in the doc about install the CA, more testing needed if we need to include commands. &lt;/p&gt;</comment>
                            <comment id="3840808" author="phil.jordan" created="Wed, 26 May 2021 10:13:23 +0000"  >&lt;p&gt;FYI &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=chris.shum&quot; class=&quot;user-hover&quot; rel=&quot;chris.shum&quot;&gt;chris.shum&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5002K00000v0vSOQAY, 5002K00000v0UQOQA2, 5002K00000uyYBrQAM]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 26 May 2021 10:13:23 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 36 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 36 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>jennifer.huang@mongodb.com</customfieldvalue>
            <customfieldvalue>phil.jordan@mongodb.com</customfieldvalue>
            <customfieldvalue>zach.carr@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hzhnlj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hz2c8v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="4877">CET: OutKast (25 - 31 May 21)</customfieldvalue>
    <customfieldvalue id="4966">CET: Phish (1 - 7 June 2021)</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10555" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hzh9un:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>