<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:56:48 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[JAVA-2279] Java driver and SSL certificate chains</title>
                <link>https://jira.mongodb.org/browse/JAVA-2279</link>
                <project id="10006" key="JAVA">Java Driver</project>
                    <description>&lt;p&gt;I have a public SSL certificate issued by GoDaddy and I am trying to validate the certificate in the java driver.&lt;/p&gt;

&lt;p&gt;In previous versios of mongodb I have used the following .pem file for the server ssl pem file.&lt;/p&gt;

&lt;p&gt;&amp;lt;Private key&amp;gt;&lt;br/&gt;
&amp;lt;Public key&amp;gt;&lt;br/&gt;
&amp;lt;Public key Chain 1&amp;gt; &lt;br/&gt;
&amp;lt;Public key Chain 2&amp;gt; &lt;br/&gt;
&amp;lt;Public key Chain 3&amp;gt; &lt;/p&gt;

&lt;p&gt;However this doesn&apos;t seem to work anymore. Should the .pem only contain the private and public keys and the chain certs should be specified in the CA file provided to the driver? &lt;/p&gt;

&lt;p&gt;The documentation wasn&apos;t clear on this - so it will be good to clarify on this.&lt;/p&gt;</description>
                <environment></environment>
        <key id="308722">JAVA-2279</key>
            <summary>Java driver and SSL certificate chains</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="dharshanr@scalegrid.net">Dharshan Rangegowda</reporter>
                        <labels>
                    </labels>
                <created>Fri, 12 Aug 2016 23:11:42 +0000</created>
                <updated>Wed, 11 Sep 2019 19:13:23 +0000</updated>
                            <resolved>Mon, 3 Oct 2016 00:00:28 +0000</resolved>
                                    <version>3.0.2</version>
                                                    <component>Configuration</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="1398513" author="jeff.yemin" created="Mon, 3 Oct 2016 00:00:19 +0000"  >&lt;p&gt;Hi Dharshan,&lt;/p&gt;

&lt;p&gt;The Java driver delegate SSL entirely to the JVM.   If you configure the driver with either ssl=true on the connection string or with the sslEnabled property of MongoClientOptions, then the driver creates SSLSocket instances via SSLSocketFactory.getDefault(), which in turn uses the standard JVM system properties for specifying the trust store.  See &lt;a href=&quot;http://mongodb.github.io/mongo-java-driver/3.3/driver-async/reference/connecting/ssl/#jvm-system-properties&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;the driver&apos;s reference documentation&lt;/a&gt; for details.&lt;/p&gt;

&lt;p&gt;Alternatively you can figure an SSLSocketFactory in the application by setting the socketFactory property of MongoClientOptions.  See &lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-2229&quot; title=&quot;SocketFactory overridden if `ssl=true` is used in the URI&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-2229&quot;&gt;&lt;del&gt;JAVA-2229&lt;/del&gt;&lt;/a&gt; for a known related issue that will be fixed in the next release.&lt;/p&gt;</comment>
                            <comment id="1364401" author="dharshanr@scalegrid.net" created="Tue, 23 Aug 2016 01:29:28 +0000"  >&lt;p&gt;Hi Ross,&lt;/p&gt;

&lt;p&gt;In the comment above i&apos;m referring to how the Java driver is validating the cert chain - I would like to understand if there are any requirements around how the cert chain is stored in the server side mongod.pem for the driver to validate - or is the java driver expecting the cert chain to come from other cert stores (E.g cacerts in jvm).&lt;/p&gt;</comment>
                            <comment id="1363337" author="ross@10gen.com" created="Mon, 22 Aug 2016 12:38:31 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=dharshanr%40scalegrid.net&quot; class=&quot;user-hover&quot; rel=&quot;dharshanr@scalegrid.net&quot;&gt;dharshanr@scalegrid.net&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Thanks for the ticket, I&apos;m unclear if you are referring to the MongoD configuration no longer working or your code?  &lt;/p&gt;

&lt;p&gt;Just to let you know this project is for Java driver bugs or feature requests. The best place for questions regarding MongoDB usage or the Java driver specifics is the &lt;a href=&quot;https://groups.google.com/forum/#!forum/mongodb-user&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongodb-user mailinglist&lt;/a&gt; or &lt;a href=&quot;http://stackoverflow.com&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;stackoverflow&lt;/a&gt; as you will reach a boarder audience there.  If your business requires an answer from MongoDB within a time frame then we do offer &lt;a href=&quot;https://www.mongodb.com/products/production-support&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;production support&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;If you do follow up via one of the options above please post a link and I will follow the conversation there.&lt;/p&gt;

&lt;p&gt;All the best,&lt;/p&gt;

&lt;p&gt;Ross&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsook7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>