DOCS-12092: add SAN/CN blurb to another section

kay-kim · kay-kim · commit cfb02eb31bdd · 2018-11-13T15:31:49.000-05:00
diff --git a/source/tutorial/configure-encryption.txt b/source/tutorial/configure-encryption.txt
@@ -139,6 +139,14 @@ key manager by starting :binary:`~bin.mongod` with the following options:
      --kmipPort <KMIP server port> --kmipServerCAFile ca.pem \
      --kmipClientCertificateFile client.pem --kmipKeyIdentifier <UID>
 
+When connecting to the KMIP server, the :binary:`~bin.mongod` verifies
+that the specified :option:`--kmipServerName <mongod --kmipServerName>`
+matches the Subject Alternative Name ``SAN`` (or, if ``SAN`` is not
+present, the Common Name ``CN``) in the certificate presented by the
+KMIP server. If ``SAN`` is present, :binary:`~bin.mongod` does not
+match against the ``CN``. If the hostname does not match the ``SAN``
+(or ``CN``), the :binary:`~bin.mongod` will fail to connect.
+
 .. seealso:: :ref:`encryption-key-management-options`
 
 Local Key Management
