DOCSP-28412 Removes Stale SSL Content (#2730) (#2788)

kennethdyer · web-flow · commit 4c29772b7eef · 2023-03-27T16:15:48.000-05:00
* DOCSP-28412 Removes stale SSL options from tutorial * Removes sections * Fixes build errors * Fixes build errors * Fixes build errors * Fixes build errors * Fixes per Dave * Heading fix * Fixes per Dave
diff --git a/source/tutorial/configure-ssl-clients.txt b/source/tutorial/configure-ssl-clients.txt
@@ -31,19 +31,8 @@ Clients must have support for TLS/SSL to connect to a
 
 .. _mongo-shell-tls-connect:
 
-``mongosh`` Configuration (Using ``tls`` Options)
--------------------------------------------------
-
-.. note::
-
-   Starting in version 4.2, MongoDB provides ``tls`` options that
-   corresponds to the ``ssl`` options. The ``tls`` options provide
-   **identical** functionality as the ``ssl`` options since MongoDB has
-   always supported TLS 1.0 and later.
-
-   The procedures in this section use the ``tls`` options. For
-   procedures using their ``ssl`` aliases, see
-   :ref:`mongo-shell-ssl-connect`.
+MongoDB Shell
+-------------
 
 :binary:`~bin.mongosh` provides various TLS/SSL settings,
 including:
@@ -111,14 +100,8 @@ certificate presented by the :binary:`~bin.mongod` or
 
 .. _tls-client-connection-only:
 
-Connect to MongoDB Instance Using Encryption (``tls`` Options)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-
-   The procedure uses the ``tls`` options (available starting in
-   MongoDB 4.2). For procedures using their ``ssl`` aliases, see
-   :ref:`mongo-shell-ssl-connect`.
+Connect to MongoDB Instances Using Encryption 
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` instance
 that requires :ref:`encrypted communication <ssl-mongod-ssl-cert-key>`,
@@ -149,14 +132,8 @@ the CA file.
 
 .. _mongo-connect-require-client-certificates-tls:
 
-Connect to MongoDB Instance that Requires Client Certificates (``tls`` Options)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-
-   The procedure uses the ``tls`` options (available starting in
-   MongoDB 4.2). For procedures using their ``ssl`` aliases, see
-   :ref:`mongo-shell-ssl-connect`.
+Connect to MongoDB Instances that Require Client Certificates 
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` that
 requires :ref:`CA-signed client certificates
@@ -237,162 +214,6 @@ Avoid Use of ``--tlsAllowInvalidCertificates`` Option
    hostname in the TLS/SSL certificates, see
    :option:`--tlsAllowInvalidHostnames <mongosh --tlsAllowInvalidHostnames>`.
 
-.. _mongo-shell-ssl-connect:
-
-``mongosh`` Configuration (Using ``ssl`` Options)
--------------------------------------------------
-
-:binary:`~bin.mongosh` provides various TLS/SSL settings, including:
-
-.. list-table::
-   :header-rows: 1
-   :widths: 30 70
-
-   * - SSL Option (Deprecated in 4.2)
-     - Notes
-
-   * - ``--ssl``
-     - Enables TLS/SSL connection.
-
-   * - ``--sslPEMKeyFile``
-
-     - Specifies the :file:`.pem` file that contains
-       :binary:`~bin.mongosh`'s certificate and key to present to
-       the :binary:`~bin.mongod` or :binary:`~bin.mongos` instance.
-
-   * - ``--sslPEMKeyPassword``
-
-     - If :binary:`~bin.mongosh`'s certificate key file is encrypted.
-
-   * - ``--sslCAFile``
-
-     - Specifies the Certificate Authority (CA) :file:`.pem` file for
-       verification of the certificate presented by the
-       :binary:`~bin.mongod` or the :binary:`~bin.mongos` instance.
-
-   * - ``--sslCertificateSelector``
-   
-     - If running on Windows or macOS, use a certificate from the
-       system certificate store. (*New in version 4.0*)
-
-For a complete list of ``ssl``
-options, see :mongosh:`SSL Options <mongosh-ssl>`.
-
-For TLS/SSL connections, :binary:`~bin.mongosh` validates the
-certificate presented by the :binary:`~bin.mongod` or
-:binary:`~bin.mongos` instance:
-
-- :binary:`~bin.mongosh` verifies that the certificate is from
-  the specified Certificate Authority ``--sslCAFile``. If the 
-  certificate is not from the specified CA, :binary:`~bin.mongosh` 
-  will fail to connect.
-
-- .. include:: /includes/extracts/ssl-facts-mongo-ssl-hostname-verification.rst
-
-  To connect :binary:`~bin.mongosh` to a :binary:`~bin.mongod` or
-  :binary:`~bin.mongos` that requires TLS/SSL, specify the
-  :option:`--host <mongosh --host>` option or use a :doc:`connection
-  string </reference/connection-string>` to specify the hostname. All
-  other ``TLS/SSL`` options must be specified using the command-line
-  options.
-
-.. _ssl-client-connection-only:
-
-Connect to MongoDB Instance Using Encryption (``--ssl`` Options)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-
-   The procedure uses the ``ssl`` options. For procedures using the
-   ``tls`` aliases (available starting in MongoDB 4.2), see
-   :mongosh:`mongo-shell-tls`.
-   
-To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` instance
-that requires :ref:`encrypted communication <ssl-mongod-ssl-cert-key>`,
-start :binary:`~bin.mongosh` with:
-
-- ``--ssl``
-
-- :option:`--host <mongosh --host>` and ``--sslCAFile`` to validate the 
-  server certificate.
-
-For example, consider a :binary:`~bin.mongod` instance running on
-``hostname.example.com`` with the following options:
-
-.. code-block:: bash
-
-   mongod --sslMode requireSSL --sslPEMKeyFile <pem> 
-
-To connect to the instance, start :binary:`~bin.mongosh` with the
-following options:
-
-.. code-block:: bash
-
-   mongosh --ssl --host hostname.example.com --sslCAFile /etc/ssl/caToValidateServerCertificates.pem
-
-:binary:`~bin.mongosh` verifies the certificate presented by
-the :binary:`~bin.mongod` instance against the specified hostname
-and the CA file.
-
-.. _mongo-connect-require-client-certificates-ssl:
-
-Connect to MongoDB Instance that Requires Client Certificates (``ssl`` Options)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-
-   The procedure uses the ``ssl`` options. For procedures using the
-   ``tls`` aliases (available starting in MongoDB 4.2), see
-   :ref:`mongo-shell-tls-connect`.
-
-To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` that
-requires :ref:`CA-signed client certificates
-<ssl-mongod-ca-signed-ssl-cert-key>`, start :binary:`~bin.mongosh` with:
-
-- ``--ssl``
-
-- :option:`--host <mongosh --host>` and the ``--sslCAFile`` to 
-  validate the server certificate,
-
-- ``--sslPEMKeyFile`` option to specify
-  the client certificate to present to the server.
-
-For example, consider a :binary:`~bin.mongod` instance running on
-``hostname.example.com`` with the following options:
-
-.. code-block:: bash
-
-   mongod --sslMode requireSSL --sslPEMKeyFile /etc/ssl/mongodb.pem --sslCAFile /etc/ssl/ca.pem
-
-To connect to the instance, start :binary:`~bin.mongosh` with the
-following options:
-
-.. code-block:: bash
-
-   mongosh --ssl --host hostname.example.com --sslPEMKeyFile /etc/ssl/client.pem --sslCAFile /etc/ssl/ca.pem
-
-On Windows and macOS
-````````````````````
-
-You can also use the ``--sslCertificateSelector`` option to specify the
-client certificate from the system certificate store instead of using
-``--sslPEMKeyFile``. If the CA file is also in the system certificate
-store, you can omit the ``--sslCAFile`` option.
-
-For example, to use a certificate with the ``CN`` (Common Name) of
-``myclient.example.net`` and the CA file from the system certificate
-store on macOS, start :binary:`~bin.mongosh` with the following
-options:
-
-.. code-block:: bash
-
-   mongosh --ssl  --host hostname.example.com --sslCertificateSelector subject=myclient.example.net 
-
-Avoid Use of ``--sslAllowInvalidCertificates`` Option
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. include:: /includes/extracts/ssl-facts-invalid-cert-warning-clients.rst
-
 |atlas|, |MMS| and MongoDB Ops Manager
 --------------------------------------
 
@@ -445,9 +266,9 @@ tools include:
 - :binary:`~bin.mongostat`
 - :binary:`~bin.mongotop`
 
-To use encrypted communication with these tools, use the same ``ssl`` options as
-:binary:`~bin.mongosh`. See :ref:`mongo-shell-ssl-connect`.
+To use encrypted communication with these tools, use the same ``tls`` options as
+:binary:`~bin.mongosh`. See :ref:`mongo-shell-tls-connect`.
 
 .. seealso::
 
-   :doc:`/tutorial/configure-ssl`
+   :ref:`configure-mongod-mongos-for-tls-ssl`
diff --git a/source/tutorial/configure-ssl.txt b/source/tutorial/configure-ssl.txt
@@ -791,7 +791,7 @@ can only use TLS/SSL connections:
    mongod --config <path/to/configuration/file>
 
 That is, clients must specify TLS/SSL connections. See
-:ref:`ssl-client-connection-only` for more information on
+:ref:`tls-client-connection-only` for more information on
 connecting with TLS/SSL.
 
 .. seealso::
@@ -904,9 +904,9 @@ its clients:
 
    mongod --config <path/to/configuration/file>
 
-That is, clients must specify TLS/SSL connections and presents its
+That is, clients must specify TLS/SSL connections and present their
 certificate key file to the instance. See
-:ref:`mongo-connect-require-client-certificates-ssl` for more
+:ref:`mongo-connect-require-client-certificates-tls` for more
 information on connecting with TLS/SSL.
 
 .. seealso::
@@ -958,7 +958,7 @@ To prevent clients with revoked certificates from connecting to the
              CAFile: /etc/ssl/caToValidateClientCertificates.pem
              CRLFile: /etc/ssl/revokedCertificates.pem
 
-      Clients who presents certificates that are listed in the
+      Clients who present certificates that are listed in the
       :file:`/etc/ssl/revokedCertificates.pem` will not be able to connect.
 
       .. seealso::
