<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 07:47:12 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-4103] x509 client and server certificates </title>
                <link>https://jira.mongodb.org/browse/DOCS-4103</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;blockquote&gt;
&lt;p&gt;It is possible to use a single x509 certificate for both member authentication and x.509 client authentication. To do so, obtain a certificate with both clientAuth and serverAuth (i.e. &#8220;TLS Web Client Authentication&#8221; and &#8220;TLS Web Server Authentication&#8221;) specified as Extended Key Usage (EKU) values, or simply do not specify any EKU values. Provide this file as the the --sslPEMKeyFile and omit the --sslClusterFile option described below.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;It is very confusing, as it might sound that we encourage to use the same x509 certificate for both client and server authentication.&lt;/p&gt;</description>
                <environment>&lt;a href=&quot;http://docs.mongodb.org/manual/tutorial/configure-x509-member-authentication/&quot;&gt;http://docs.mongodb.org/manual/tutorial/configure-x509-member-authentication/&lt;/a&gt;</environment>
        <key id="160968">DOCS-4103</key>
            <summary>x509 client and server certificates </summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="sam.kleinman">Sam Kleinman</assignee>
                                    <reporter username="alex.komyagin@mongodb.com">Alexander Komyagin</reporter>
                        <labels>
                    </labels>
                <created>Mon, 29 Sep 2014 21:05:22 +0000</created>
                <updated>Mon, 16 Mar 2015 23:56:38 +0000</updated>
                            <resolved>Thu, 16 Oct 2014 14:49:23 +0000</resolved>
                                                    <fixVersion>v1.3.12</fixVersion>
                                    <component>manual</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="742803" author="xgen-internal-githook" created="Thu, 16 Oct 2014 14:49:14 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;tychoish&apos;, u&apos;name&apos;: u&apos;Sam Kleinman&apos;, u&apos;email&apos;: u&apos;samk@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-4103&quot; title=&quot;x509 client and server certificates &quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-4103&quot;&gt;&lt;del&gt;DOCS-4103&lt;/del&gt;&lt;/a&gt;: clarification to client/member auth x509&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/docs/commit/8227ff3ba3640919ea7c37707253777a659df712&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/docs/commit/8227ff3ba3640919ea7c37707253777a659df712&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="730141" author="kevin.pulo@10gen.com" created="Tue, 30 Sep 2014 01:12:29 +0000"  >&lt;p&gt;This version seems to suggest that we recommend setting both clientAuth and serverAuth.  This would only be the case if someone wanted one certificate that can be used for both client and server authentication.  We should be able to mention that this is possible, without suggesting that it is recommended or should always be done (since the general recommendation is to use only clientAuth for certificates that will be presented when connecting a server, and only serverAuth for certificates that will be presented to connecting clients).  ie. it doesn&apos;t mention that this is for the --sslPEMKeyFile but no --sslClusterFile case.&lt;/p&gt;

&lt;p&gt;Can I suggest the following (or similar):&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;It is possible to use a x509 certificate for member authentication that doesn&apos;t have Extended Key Usage (EKU) attributes set. However, if EKU attributes are used in the --sslPEMKeyFile certificate, then either (or both) the clientAuth and serverAuth (i.e. &#8220;TLS Web Client Authentication&#8221; and &#8220;TLS Web Server Authentication&#8221;) attributes should be specified, depending on how the certificate will be used.  The certificate specified to --sslPEMKeyFile requires the serverAuth attribute, while the certificate specified to --sslClusterFile requires the clientAuth attribute.  As described below, if --sslClusterFile is omitted, it defaults to the file given to --sslPEMKeyFile.&lt;/p&gt;&lt;/blockquote&gt;</comment>
                            <comment id="729970" author="alex.komyagin@10gen.com" created="Mon, 29 Sep 2014 21:08:57 +0000"  >&lt;p&gt;I suggest to rephrase:&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;It is possible to use a x509 certificate for member authentication that doesn&apos;t have Extended Key Usage (EKU) attributes set. However, if EKU attributes are used in the --sslPEMKeyFile certificate, both clientAuth and serverAuth (i.e. &#8220;TLS Web Client Authentication&#8221; and &#8220;TLS Web Server Authentication&#8221;) should be specified.&lt;/p&gt;&lt;/blockquote&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="175677">DOCS-4572</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10855" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Actual Time</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 30 Sep 2014 01:12:29 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        9 years, 17 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>jess.mokrzecki@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            9 years, 17 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>alex.komyagin@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>kevin.pulo@mongodb.com</customfieldvalue>
            <customfieldvalue>sam.kleinman</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrqs67:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hs2nav:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>140185</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hryqnz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>