DOCSP-35350 Add clusterCAFile (#50)

Co-authored-by: pierwill <[email protected]>
Co-authored-by: lmkerbey-mdb <[email protected]>

Author: pierwill

source/includes/steps-source-enable-authentication.yaml

@@ -42,6 +42,19 @@ content: |
          Click :guilabel:`Validate` to test that each host in your
          deployment has a |tls| |certauth| at the paths you specified.
 
+     * - Cluster TLS CA File Path
+       - The :file:`.pem` file that contains the root certificate chain from the Certificate Authority
+         used to validate the certificate presented by a client establishing a connection.
+         Specify the file name of the :file:`.pem` file using relative or absolute paths.
+         :setting:`net.tls.clusterCAFile` requires that :setting:`net.tls.CAFile` is set.
+
+         If you do not specify the :setting:`net.tls.clusterCAFile`, the cluster uses the :file:`.pem` file specified in the
+         :setting:`net.tls.CAFile` option.
+
+         :setting:`net.tls.clusterCAFile` lets you use separate Certificate
+         Authorities to verify the client-to-server and server-to-client
+         portions of the TLS handshake.
+
      * - Client Certificate Mode
        - Select if client applications or {+mdbagent+}\s must present a
          |tls| certificate when connecting to a |tls|\-enabled MongoDB

source/release-notes/changelogs/ops-manager/changelog-onprem-v7.0.rst

@@ -11,6 +11,7 @@
 - Adds ability to configure the ``net.tls.clusterCAFile`` parameter. 
 - Adds additional snapshot metrics to the snapshot summary table.
 - Adds ability to track restore block download performance.
+- Adds ability to specify a cluster CA file.
 - Improves MongoDB and S3-compatible blockstore snapshot performance for
   large files through enhanced memory utilization.
 - Improves the agent's ability to retry for more blockstore errors.