Skip to content

DOCS-4903 #2230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

DOCS-4903 #2230

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions source/administration/production-notes.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -406,8 +406,8 @@ For all MongoDB deployments:
- Use the Network Time Protocol (NTP) to synchronize time among
your hosts. This is especially important in sharded clusters.

MongoDB Enterprise and SSL Libraries
````````````````````````````````````
MongoDB and SSL Libraries
`````````````````````````

On Linux platforms, you may observe one of the following statements in
the MongoDB log:
Expand Down
9 changes: 5 additions & 4 deletions source/includes/fact-ssl-supported.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
The `default distribution of MongoDB <http://www.mongodb.org/downloads>`_
does **not** contain support for SSL. To use SSL you can either compile
MongoDB with SSL support or use |ent-build|. See
:doc:`/tutorial/configure-ssl` for more information about SSL and MongoDB.
.. versionchanged:: 3.0

Most MongoDB distributions now include support for SSL. See
:doc:`/tutorial/configure-ssl` for more information about SSL and
MongoDB.
2 changes: 1 addition & 1 deletion source/includes/note-fips-is-enterprise-only.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
.. note:: FIPS Compatible SSL is
.. note:: FIPS-compatible SSL is
available only in `MongoDB Enterprise
<http://www.mongodb.com/products/mongodb-enterprise>`_. See
:doc:`/tutorial/configure-fips` for more information.
21 changes: 7 additions & 14 deletions source/includes/options-mongo.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -209,8 +209,7 @@ description: |
Enables connection to a :program:`mongod` or :program:`mongos` that has
SSL support enabled.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongo
Expand All @@ -229,8 +228,7 @@ description: |
:setting:`~net.ssl.CAFile` enabled *without*
:setting:`~net.ssl.allowConnectionsWithoutCertificates`.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongo
Expand All @@ -250,8 +248,7 @@ description: |
specify the {{role}} option, the {{program}} will prompt for a
passphrase. See :ref:`ssl-certificate-password`.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongo
Expand All @@ -265,8 +262,7 @@ description: |
from the Certificate Authority. Specify the file name of the
:file:`.pem` file using relative or absolute paths.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst

.. include:: /includes/warning-always-use-sslCAFile-for-mongo.rst
optional: true
Expand All @@ -282,8 +278,7 @@ description: |
List. Specify the file name of the :file:`.pem` file using relative or
absolute paths.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongo
Expand All @@ -306,8 +301,7 @@ description: |
:setting:`~net.ssl.allowInvalidCertificates` setting, MongoDB logs as a
warning the use of the invalid certificate.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongo
Expand All @@ -331,6 +325,5 @@ inherit:
program: _shared
file: options-shared.yaml
post: |
The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
...
74 changes: 31 additions & 43 deletions source/includes/options-mongod.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -604,8 +604,7 @@ description: |
- Recommended. Send the x.509 certificate for authentication and
accept only x.509 certificates.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongod
Expand Down Expand Up @@ -1135,48 +1134,47 @@ description: |
:option:`--port`. By default, :option:`--sslOnNormalPorts` is
disabled.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongod
name: sslMode
args: <mode>
directive: option
description: |
.. versionadded:: 2.6
.. versionadded:: 2.6

Enables SSL or mixed SSL used for all network connections. The
argument to the {{role}} option can be one of the following:
Enables SSL or mixed SSL used for all network connections. The
argument to the {{role}} option can be one of the following:

.. list-table::
:header-rows: 1
:widths: 20 40
.. list-table::
:header-rows: 1
:widths: 20 40

* - Value
* - Value

- Description

- Description
* - ``disabled``

* - ``disabled``
- The server does not use SSL.

- The server does not use SSL.
* - ``allowSSL``

* - ``allowSSL``
- Connections between servers do not use SSL. For incoming
connections, the server accepts both SSL and non-SSL.

- Connections between servers do not use SSL. For incoming
connections, the server accepts both SSL and non-SSL.
* - ``preferSSL``

* - ``preferSSL``
- Connections between servers use SSL. For incoming
connections, the server accepts both SSL and non-SSL.

- Connections between servers use SSL. For incoming
connections, the server accepts both SSL and non-SSL.
* - ``requireSSL``

* - ``requireSSL``
- The server uses and accepts only SSL encrypted connections.

- The server uses and accepts only SSL encrypted connections.
.. include:: /includes/fact-ssl-supported.rst

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
optional: true
---
program: mongod
Expand All @@ -1192,8 +1190,7 @@ description: |

When SSL is enabled, you must specify {{role}}.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongod
Expand All @@ -1213,8 +1210,7 @@ description: |
specify the {{role}} option, the {{program}} will prompt for a
passphrase. See :ref:`ssl-certificate-password`.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongod
Expand All @@ -1232,9 +1228,7 @@ description: |
authentication, the cluster uses the ``.pem`` file specified in the
{{pemKeyOption}} option.

The default distribution of MongoDB does not contain support for
SSL. For more information on MongoDB and SSL, see
:doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
replacement:
pemKeyOption: :option:`--sslPEMKeyFile`
Expand All @@ -1255,8 +1249,7 @@ description: |
{{role}} option, the {{program}} will prompt for a passphrase. See
:ref:`ssl-certificate-password`.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongod
Expand All @@ -1270,8 +1263,7 @@ description: |
from the Certificate Authority. Specify the file name of the
:file:`.pem` file using relative or absolute paths.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst

.. include:: /includes/warning-x509-requires-sslCAfile.rst
optional: true
Expand All @@ -1287,8 +1279,7 @@ description: |
List. Specify the file name of the :file:`.pem` file using relative or
absolute paths.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongod
Expand All @@ -1303,8 +1294,7 @@ description: |
the :setting:`~net.ssl.allowInvalidCertificates` setting, MongoDB
logs as a warning the use of the invalid certificate.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongod
Expand Down Expand Up @@ -1333,8 +1323,7 @@ description: |
Use the {{role}} option if you have a mixed deployment that includes
clients that do not or cannot present certificates to the {{program}}.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
replacement:
old_name: "``--sslAllowConnectionsWithoutCertificates``"
optional: true
Expand All @@ -1352,8 +1341,7 @@ description: |
{{program}} instances if the hostnames in their certificates do not
match their configured hostname.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: mongod
Expand Down
20 changes: 8 additions & 12 deletions source/includes/options-shared.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,8 +115,7 @@ description: |
Enables connection to a :program:`mongod` or :program:`mongos` that has
SSL support enabled.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: _shared
Expand All @@ -131,8 +130,7 @@ description: |
from the Certificate Authority. Specify the file name of the
:file:`.pem` file using relative or absolute paths.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst

.. include:: /includes/warning-always-use-sslCAFile-for-mongo.rst
optional: true
Expand All @@ -154,8 +152,7 @@ description: |
:setting:`~net.ssl.CAFile` enabled *without*
:setting:`~net.ssl.allowConnectionsWithoutCertificates`.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: _shared
Expand All @@ -175,8 +172,7 @@ description: |
the {{role}} option, the {{program}} will prompt for a passphrase. See
:ref:`ssl-certificate-password`.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: _shared
Expand All @@ -191,8 +187,7 @@ description: |
List. Specify the file name of the :file:`.pem` file using relative or
absolute paths.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: _shared
Expand All @@ -210,8 +205,7 @@ description: |
:setting:`~net.ssl.allowInvalidCertificates` setting, MongoDB logs as a
warning the use of the invalid certificate.

The default distribution of MongoDB does not contain support for SSL.
For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: _shared
Expand All @@ -225,6 +219,8 @@ description: |
Disables the validation of the hostnames in SSL certificates. Allows
{{program}} to connect to MongoDB instances if the hostname their
certificates do not match the specified hostname.

.. include:: /includes/fact-ssl-supported.rst
optional: true
---
program: _shared
Expand Down