diff options
author | melissaosullivan <melissakellyosullivan@gmail.com> | 2014-07-28 15:22:08 -0400 |
---|---|---|
committer | Benety Goh <benety@mongodb.com> | 2014-08-08 05:56:35 -0400 |
commit | 1b1842be9b0b4500eb00b110841eaed41003b742 (patch) | |
tree | 043036492bf233d90fc904fc5ef9ec72c87346ff /jstests/ssl/ssl_invalid_server_cert.js | |
parent | fe950f19e616a86fdea70da66eda658d64489a5e (diff) | |
download | mongo-1b1842be9b0b4500eb00b110841eaed41003b742.tar.gz |
SERVER-11107 Server SSL certificate expiration date check tests
Closes #734
Signed-off-by: Benety Goh <benety@mongodb.com>
Diffstat (limited to 'jstests/ssl/ssl_invalid_server_cert.js')
-rw-r--r-- | jstests/ssl/ssl_invalid_server_cert.js | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_invalid_server_cert.js b/jstests/ssl/ssl_invalid_server_cert.js new file mode 100644 index 00000000000..d179c944fae --- /dev/null +++ b/jstests/ssl/ssl_invalid_server_cert.js @@ -0,0 +1,23 @@ +// Test SSL Certificate Expiration Monitoring +// This tests that a mongod with --sslMode requireSSL will not start with an +// X.509 certificate that is not yet valid or has expired. +ports = allocatePorts(1); +port = ports[0]; +var baseName = "jstests_ssl_ssl_invalid_server_cert"; + +// This test ensures that a mongod will not start with a certificate that is +// not yet valid. Tested certificate will become valid 06-17-2020. +var md = startMongod("--port", port, "--dbpath", MongoRunner.dataPath + baseName, + "--sslMode", "requireSSL", + "--sslPEMKeyFile", "jstests/libs/not_yet_valid.pem", + "--sslCAFile", "jstests/libs/ca.pem"); + +assert.eq(null, md, "Possible to start mongod with not yet valid certificate."); + +// This test ensures that a mongod with SSL will not start with an expired certificate. +md = startMongod("--port", port, "--dbpath", MongoRunner.dataPath + baseName, + "--sslMode", "requireSSL", + "--sslPEMKeyFile", "jstests/libs/expired.pem", + "--sslCAFile", "jstests/libs/ca.pem"); + +assert.eq(null, md, "Possible to start mongod with expired certificate"); |