Skip to content

Syed sabeeh

← MongoDB Feedback Engine

My feedback

2 results found

  1. Allow Windows/Mac users to select Client certificate from system certificate store

    4 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Compass  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Syed sabeeh supported this idea  · 

  2. SSL - Allow access to Trusted Root Certification Authorities in Windows

    3 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Compass » Connectivity  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    Syed sabeeh commented  · 

    You are right

    The options such as tlsUseSystemCA and tlsCertificateSelector are not available for usage in connection string. Due to this issue you have to convert pfx or cer files in pem and then refer to them in connection string. This completely defeats the purpose of windows certificate store as far as compass and connection strings are concerned; furthermore, some organizations have problem with using multiple types of certificates (due to security reasons). Not to mention this issue is not even found written in Mongodb documentations.

    For example if I have a shell command like this

    "mongosh "mongodb://Server01:27017,Server02:27017,Server03:27017/?tls=true&tlsAllowInvalidHostnames=true" --tlsCertificateSelector "subject=testingcertificate" --tlsUseSystemCA"

    The connection string does not give me option to use "tlsCertificateSelector" and "tlsUseSystemCA" so I cannot possible utilize certificate store.

    Syed sabeeh supported this idea  · 

Feedback and Knowledge Base

(thinking…)