<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 07:48:20 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-4572] Clarify extendedKeyUsage needs of server/client SSL certificates</title>
                <link>https://jira.mongodb.org/browse/DOCS-4572</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;p&gt;In &lt;a href=&quot;http://docs.mongodb.org/manual/tutorial/upgrade-cluster-to-ssl/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://docs.mongodb.org/manual/tutorial/upgrade-cluster-to-ssl/&lt;/a&gt; it is not clear that a certificate given to --sslPEMKeyFile must have either:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;em&gt;both&lt;/em&gt; serverAuth and clientAuth extendedKeyUsage flags, or&lt;/li&gt;
	&lt;li&gt;&lt;em&gt;neither&lt;/em&gt; of them (which defaults to a certificate that is usable for any purpose).&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;This information is available in&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;http://docs.mongodb.org/manual/tutorial/configure-x509-member-authentication/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://docs.mongodb.org/manual/tutorial/configure-x509-member-authentication/&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;http://docs.mongodb.org/manual/tutorial/configure-x509-client-authentication/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://docs.mongodb.org/manual/tutorial/configure-x509-client-authentication/&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;but neither of these locations are obvious to a user following the upgrade tutorial, since they both refer to x.509 auth (which a user might not realise is still partially relevant in this particular case) &amp;#8212; plus they&apos;re not linked from the page in question (either directly or indirectly).&lt;/p&gt;

&lt;p&gt;If a serverAuth certificate is generated and given to --sslPEMKeyFile, without a corresponding clientAuth cert given to --sslClusterFile, then the upgrade procedure will not work (it fails when switching from allowSSL to preferSSL).&lt;/p&gt;

&lt;p&gt;The required certificate flags should be spelled out in (or before) step 1 of the above URL.  Otherwise, users may generate certificates that work for part of the process, but then mysteriously fail to work later on.&lt;/p&gt;

&lt;p&gt;The viable approaches that should be listed are:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Single cert with no extendedKeyUsage flags, passed to --sslPEMKeyFile&lt;/li&gt;
	&lt;li&gt;Single cert with serverAuth and clientAuth extendedKeyUsage flags, passed to --sslPEMKeyFile&lt;/li&gt;
	&lt;li&gt;One cert with serverAuth passed to --sslPEMKeyFile, and another cert with clientAuth passed to --sslClusterFile.&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="175677">DOCS-4572</key>
            <summary>Clarify extendedKeyUsage needs of server/client SSL certificates</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="kevin.pulo@mongodb.com">Kevin Pulo</reporter>
                        <labels>
                    </labels>
                <created>Sun, 21 Dec 2014 22:47:39 +0000</created>
                <updated>Mon, 30 Oct 2023 21:50:19 +0000</updated>
                            <resolved>Tue, 1 Nov 2022 11:03:09 +0000</resolved>
                                                    <fixVersion>Server_Docs_20231030</fixVersion>
                                    <component>manual</component>
                    <component>Server</component>
                        <due>Mon, 8 Jun 2015 00:00:00 +0000</due>
                            <votes>5</votes>
                                    <watches>9</watches>
                                                                                                                <comments>
                            <comment id="4943701" author="edu.bot" created="Tue, 1 Nov 2022 11:03:05 +0000"  >&lt;p&gt;Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you!&lt;/p&gt;</comment>
                            <comment id="3267144" author="alex.komyagin@10gen.com" created="Thu, 2 Jul 2020 00:33:00 +0000"  >&lt;p&gt;Any update here? It&apos;s been 5 years....&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="160968">DOCS-4103</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[500A000000X2ZrVIAV]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 2 Jul 2020 00:33:00 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        1 year, 14 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>DOCSP-1769</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>emet.ozar@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            1 year, 14 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>alex.komyagin@mongodb.com</customfieldvalue>
            <customfieldvalue>edu.bot</customfieldvalue>
            <customfieldvalue>kevin.pulo@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrqm2f:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsnfjj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>154000</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrv2sn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>