As of 2.7 we issue a warning for a long-running mongod that the certificate it is using is about to expire.
When starting mongod with a certificate that is about to expire, we issue no such warning until 24 hours after launching mongod.
The warning should be printed into the startupLog at startup, which also makes it visible in MMS.
Furthermore, once the certificate expires (on a running mongod) mongod will happily continue to run (issuing a warning message that the certificate is expired into the logs) - and leaves it up to the clients to decide on trusting the certificate or not.
If mongod is restarted for any reason - it will not start up again. It will abort due to the expired certificate.
This seems very inconsistent and unexpected behaviour. There should be a way to --i-know-its-expired-but-I-must-startup-mongod
is related to: SERVER-10961 Warn if a server certificate is about to expire (Closed)
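
Because a restart with an expired certificate aborts and the startup path gives no early warning, an operator can check the certificate before restarting. The following is an added example, not part of the ticket or of MongoDB; the function name `cert_status`, the 30-day default and the sample path are assumptions, and it relies on the `openssl` command-line tool being installed.

```shell
#!/bin/sh
# Added example: pre-restart check of the certificate mongod will load.
# cert_status and the 30-day default are assumptions, not MongoDB settings.
#
# Usage: cert_status PEM_FILE [WARN_DAYS]
# Prints ok | expiring | expired | unreadable; exit status 0 | 1 | 2 | 3.
cert_status() {
    pem=$1
    warn_days=${2:-30}

    # openssl x509 reads the first CERTIFICATE block, so a combined
    # key+certificate PEM file works as well as a certificate-only file.
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo unreadable
        return 3
    fi
    # -checkend N exits non-zero when the certificate expires within
    # N seconds; N=0 therefore means "already expired".
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
        return 2
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend "$((warn_days * 86400))" >/dev/null 2>&1; then
        echo expiring
        return 1
    fi
    echo ok
    return 0
}

# Run as a script: sh cert_status.sh /path/to/mongod.pem 30
if [ "$#" -gt 0 ]; then
    cert_status "$@"
fi
```

A non-zero exit status lets a restart wrapper or monitoring job stop before mongod is taken down with a certificate it can no longer start with.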