DOCS-12022 backport sslClusterCAFile option to 3.4.18

Isabella Siu · kay-kim · commit 0121e3e0ca68 · 2018-11-07T13:00:39.000-05:00
diff --git a/source/includes/options-conf.yaml b/source/includes/options-conf.yaml
@@ -539,7 +539,6 @@ description: |
 
    Enables or disables IPv6 support. :binary:`~bin.mongos` or
    :binary:`~bin.mongod` disables IPv6 support by default.
-
 ---
 program: conf
 name: net.http.JSONPEnabled
@@ -662,6 +661,19 @@ inherit:
   file: options-mongod.yaml
 ---
 program: conf
+name: net.ssl.clusterCAFile
+type: string
+directive: setting
+replacement:
+  program: ":binary:`~bin.mongos` or :binary:`~bin.mongod`"
+  intro: "The"
+  cafile: ":setting:`net.ssl.CAFile`"
+inherit:
+  name: sslClusterCAFile
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
 name: net.ssl.CRLFile
 type: string
 directive: setting
diff --git a/source/includes/options-mongod.yaml b/source/includes/options-mongod.yaml
@@ -1373,6 +1373,35 @@ replacement:
   intro: "Specifies the"
 ---
 program: mongod
+name: sslClusterCAFile
+args: <filename>
+directive: option
+description: |
+  
+  .. versionadded:: 3.4.18
+
+  {{intro}} :file:`.pem` file that contains the root certificate chain
+  from the Certificate Authority used to validate the certificate
+  presented by a client establishing a connection. Specify the file
+  name of the :file:`.pem` file using relative or absolute paths.
+
+  If {{role}} does not specify the :file:`.pem` file for validating the
+  certificate from a client establishing a connection, the cluster uses
+  the :file:`.pem` file specified in the {{cafile}} option.
+
+  {{role}} lets you use separate Certificate Authorities to verify the
+  client to server and server to client portions of the TLS handshake.
+
+  Requires that {{cafile}} is set.
+
+  .. include:: /includes/extracts/ssl-facts-see-more.rst
+
+optional: true
+replacement:
+  intro: "Specifies the"
+  cafile: ":option:`--sslCAFile`"
+---
+program: mongod
 name: sslCRLFile
 args: <filename>
 directive: option
diff --git a/source/includes/options-mongos.yaml b/source/includes/options-mongos.yaml
@@ -321,6 +321,13 @@ inherit:
   file: options-mongod.yaml
 ---
 program: mongos
+name: sslClusterCAFile
+inherit:
+  name: sslClusterCAFile
+  program: mongod
+  file: options-mongod.yaml
+---
+program: mongos
 name: sslCRLFile
 inherit:
   name: sslCRLFile
diff --git a/source/reference/configuration-options.txt b/source/reference/configuration-options.txt
@@ -238,6 +238,7 @@ Core Options
          clusterFile: <string>
          clusterPassword: <string>
          CAFile: <string>
+         clusterCAFile: <string>
          CRLFile: <string>
          allowConnectionsWithoutCertificates: <boolean>
          allowInvalidCertificates: <boolean>
@@ -297,6 +298,9 @@ Core Options
 
 .. include:: /includes/option/setting-conf-net.http.RESTInterfaceEnabled.rst
 
+
+.. _net-ssl-conf-options:
+
 ``net.ssl`` Options
 ```````````````````
 
@@ -311,6 +315,7 @@ Core Options
          clusterFile: <string>
          clusterPassword: <string>
          CAFile: <string>
+         clusterCAFile: <string>
          CRLFile: <string>
          allowConnectionsWithoutCertificates: <boolean>
          allowInvalidCertificates: <boolean>
@@ -332,6 +337,8 @@ Core Options
 
 .. include:: /includes/option/setting-conf-net.ssl.CAFile.rst
 
+.. include:: /includes/option/setting-conf-net.ssl.clusterCAFile.rst
+
 .. include:: /includes/option/setting-conf-net.ssl.CRLFile.rst
 
 .. include:: /includes/option/setting-conf-net.ssl.allowConnectionsWithoutCertificates.rst
diff --git a/source/reference/program/mongod.txt b/source/reference/program/mongod.txt
@@ -255,6 +255,7 @@ Sharded Cluster Options
 
 .. include:: /includes/option/option-mongod-noMoveParanoia.rst
 
+
 TLS/SSL Options
 ~~~~~~~~~~~~~~~
 
@@ -279,6 +280,8 @@ TLS/SSL Options
 
 .. include:: /includes/option/option-mongod-sslCAFile.rst
 
+.. include:: /includes/option/option-mongod-sslClusterCAFile.rst
+
 .. include:: /includes/option/option-mongod-sslCRLFile.rst
 
 .. include:: /includes/option/option-mongod-sslAllowInvalidCertificates.rst
diff --git a/source/reference/program/mongos.txt b/source/reference/program/mongos.txt
@@ -119,6 +119,8 @@ TLS/SSL Options
 
 .. include:: /includes/option/option-mongos-sslCAFile.rst
 
+.. include:: /includes/option/option-mongos-sslClusterCAFile.rst
+
 .. include:: /includes/option/option-mongos-sslCRLFile.rst
 
 .. include:: /includes/option/option-mongos-sslAllowConnectionsWithoutCertificates.rst
