Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32979

Add certificate selector for Windows for SChannel

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.7.4
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • Platforms 2018-03-26

      The new option will be called a “Certificate Selector” for each option used to read a PEM file today. No new options will be used to read CA certs or CRL lists as these will be retrieved from the system certificate store by the native SSL library automatically. Both platforms will check OCSP for CRLs.

      Existing Option New Option Config Name
      sslPEMKeyFile sslCertificateSelector net.ssl.CertificateSelector
      sslClusterFile sslClusterCertificateSelector net.ssl.ClusterCertificateSelector
      kmipClientCertificateFile kmipClientCertificateSelector security.kmip.ClientCertificateSelector

      It is a startup error to specify a certificate selector and file for the same parameter.

      The format of the certificate selector is:

      <certificate property>=<value>

      The following certificate properties are supported:

      Property Value Description
      subject An ASCII string Matches Subject Name
      thumbprint Hex string Matches Thumbprint

      The property names are case-sensitive. For subject name, the match is exact, case-sensitive string match. Only one property may be specified in a search. In the case of two or more certificates matching the same search criteria, the certificate returned is undefined, and depends on the OS behavior.

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: