SSL - Allow access to Trusted Root Certification Authorities in Windows
Allow Compass to access the Trusted Root Certification Authorities Certificate Store in Windows to be able to connect via SSL with a system-wide root CA file (without explicitly specifying the CA file).
Syed sabeeh commented
You are right
Options such as tlsUseSystemCA and tlsCertificateSelector are not available for use in a connection string. Due to this issue you have to convert pfx or cer files to pem and then refer to them in the connection string. This completely defeats the purpose of the Windows certificate store as far as Compass and connection strings are concerned; furthermore, some organizations have a problem with using multiple types of certificates (for security reasons). Not to mention that this issue is not even found written in the MongoDB documentation.
For example, if I have a shell command like this:
mongosh "mongodb://Server01:27017,Server02:27017,Server03:27017/?tls=true&tlsAllowInvalidHostnames=true" --tlsCertificateSelector "subject=testingcertificate" --tlsUseSystemCA
The connection string does not give me the option to use "tlsCertificateSelector" and "tlsUseSystemCA", so I cannot possibly utilize the certificate store.