-
Type: Bug
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
ALL
Mongod started with CRL, valid cert
$ ./bin/mongod --dbpath ./data/ --sslOnNormalPorts --sslPEMKeyFile ../sslCA/gregorFreeBSD.pem --replSet rs1 --smallfiles --sslCRLFile=../sslCA/crl/crl.pem Mon Feb 25 15:32:48.373 [initandlisten] MongoDB starting : pid=9246 port=27017 dbpath=./data/ 64-bit host=ip-10-36-133-56 Mon Feb 25 15:32:48.374 [initandlisten] db version v2.4.0-rc0, pdfile version 4.5 Mon Feb 25 15:32:48.374 [initandlisten] git version: 09967e98e5d6280305d85553cdb2dd12e2e1e149 modules: subscription Mon Feb 25 15:32:48.374 [initandlisten] build info: Linux bs-e-ubuntu1104 2.6.38-13-virtual #57-Ubuntu SMP Mon Mar 5 21:16:08 UTC 2012 x86_64 BOOST_LIB_VERSION=1_49 Mon Feb 25 15:32:48.374 [initandlisten] allocator: tcmalloc Mon Feb 25 15:32:48.374 [initandlisten] options: { dbpath: "./data/", replSet: "rs1", smallfiles: true, sslCRLFile: "../sslCA/crl/crl.pem", sslOnNormalPorts: true, sslPEMKeyFile: "../sslCA/gregorFreeBSD.pem" } Mon Feb 25 15:32:48.382 [initandlisten] journal dir=./data/journal Mon Feb 25 15:32:48.382 [initandlisten] recover : no journal files present, no recovery needed Mon Feb 25 15:32:48.398 [initandlisten] ssl imported 1 revoked certificate from the revocation list. Mon Feb 25 15:32:48.399 [initandlisten] waiting for connections on port 27017 ssl Mon Feb 25 15:32:48.400 [websvr] ssl imported 1 revoked certificate from the revocation list. Mon Feb 25 15:32:48.400 [websvr] admin web console waiting for connections on port 28017 ssl Mon Feb 25 15:32:48.404 [rsStart] replSet I am ip-10-36-133-56:27017 Mon Feb 25 15:32:48.404 [rsStart] replSet STARTUP2 Mon Feb 25 15:32:49.406 [rsSync] replSet SECONDARY Mon Feb 25 15:32:49.406 [rsMgr] replSet info electSelf 0 Mon Feb 25 15:32:50.405 [rsMgr] replSet PRIMARY Mon Feb 25 15:32:52.664 [initandlisten] connection accepted from 127.0.0.1:54959 #1 (1 connection now open) Mon Feb 25 15:32:53.650 [conn1] end connection 127.0.0.1:54959 (0 connections now open) Mon Feb 25 15:32:55.010 [initandlisten] connection accepted from 127.0.0.1:54960 #2 (1 connection now open)
Mongo started with revoked cert
./bin/mongo --ssl --sslPEMKeyFile=../sslCA/revoked_gregor.pem MongoDB shell version: 2.4.0-rc0 connecting to: test rs1:PRIMARY>
- depends on
-
SERVER-8712 Should not be able to start mongod with CA-signed cert without specifying --sslCAFile option
- Closed