Ability to invalidate or revoke an X.509 certificate that has not expired.
Currently, X.509 certificates can be issued for authentication and authorization. However, it is not possible to invalidate an already issued certificate. In a situation where the certificate is compromised, it is therefore not possible to invalidate it and re-issue a new one. The only way is to delete the user associated with the certificate and create a new user account (new CN).

1 comment
Salman (Admin, MongoDB) commented
Hi Geoffrey,
Thank you for sharing the suggestion. Could you share here or in an email (product.security@mongodb.com) the scenario under which deleting a user is not feasible when a certificate is compromised?
Salman