author | Cheahuychou Mao <mao.cheahuychou@gmail.com> | 2020-12-16 17:09:45 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-01-05 05:58:56 +0000 |
commit | 1dfe8355a2b034ded045191f4e3d4be827365621 (patch) | |
tree | dc6342e153caa69d5c59c71a6d8f1fdbfae37267 /jstests/ssl/x509 | |
parent | 2640ec0b0d800bf0a1e761fdb9c249b5d1ffa86a (diff) | |
download | mongo-1dfe8355a2b034ded045191f4e3d4be827365621.tar.gz |
SERVER-52706 Make tenant migration donor use a separate NetworkInterface and x509 certificate to connect to recipient
Diffstat (limited to 'jstests/ssl/x509')
-rw-r--r-- | jstests/ssl/x509/certs.yml | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/jstests/ssl/x509/certs.yml b/jstests/ssl/x509/certs.yml
index 6b071dc883f..eaf9f690a10 100644
--- a/jstests/ssl/x509/certs.yml
+++ b/jstests/ssl/x509/certs.yml
@@ -299,6 +299,96 @@ certs:
 subjectAltName:
 DNS: ['localhost', '127.0.0.1', '::1']
+# For tenant migration testing.
+- name: 'rs0.pem'
+ description: General purpose server certificate file.
+ Subject:
+ OU: 'rs0'
+ extensions:
+ basicConstraints: {CA: false}
+ subjectKeyIdentifier: hash
+ keyUsage: [digitalSignature, keyEncipherment]
+ extendedKeyUsage: [serverAuth]
+ authorityKeyIdentifier: issuer
+
+- name: 'rs0_tenant_migration.pem'
+ description: Client certificate file for tenant migration donor or recipient.
+ Subject:
+ OU: 'rs0_tenant_migration'
+ extensions:
+ basicConstraints: {CA: false}
+ subjectKeyIdentifier: hash
+ keyUsage: [digitalSignature, keyEncipherment]
+ extendedKeyUsage: [clientAuth]
+ mongoRoles:
+ - {role: backup, db: admin}
+ - {role: advanceClusterTimeRole, db: admin}
+
+- name: 'rs0_tenant_migration_expired.pem'
+ description:
+ Client certificate file for tenant migration donor or recipient which has passed its expiration
+ date.
+ not_before: -10000000
+ not_after: -1000000
+ Subject:
+ OU: 'rs0_tenant_migration'
+ extensions:
+ basicConstraints: {CA: false}
+ subjectKeyIdentifier: hash
+ keyUsage: [digitalSignature, keyEncipherment]
+ extendedKeyUsage: [clientAuth]
+ mongoRoles:
+ - {role: backup, db: admin}
+ - {role: advanceClusterTimeRole, db: admin}
+
+- name: 'rs1.pem'
+ description: General purpose server certificate file.
+ Subject:
+ OU: 'rs1'
+ extensions:
+ basicConstraints: {CA: false}
+ subjectKeyIdentifier: hash
+ keyUsage: [digitalSignature, keyEncipherment]
+ extendedKeyUsage: [serverAuth]
+ authorityKeyIdentifier: issuer
+
+- name: 'rs1_tenant_migration.pem'
+ description: Client certificate file for tenant migration donor or recipient.
+ Subject:
+ OU: 'rs1_tenant_migration'
+ extensions:
+ basicConstraints: {CA: false}
+ subjectKeyIdentifier: hash
+ keyUsage: [digitalSignature, keyEncipherment]
+ extendedKeyUsage: [clientAuth]
+ mongoRoles:
+ - {role: backup, db: admin}
+ - {role: advanceClusterTimeRole, db: admin}
+
+- name: 'rs2.pem'
+ description: General purpose server certificate file.
+ Subject:
+ OU: 'rs2'
+ extensions:
+ basicConstraints: {CA: false}
+ subjectKeyIdentifier: hash
+ keyUsage: [digitalSignature, keyEncipherment]
+ extendedKeyUsage: [serverAuth]
+ authorityKeyIdentifier: issuer
+
+- name: 'rs2_tenant_migration.pem'
+ description: Client certificate file for tenant migration donor or recipient.
+ Subject:
+ OU: 'rs2_tenant_migration'
+ extensions:
+ basicConstraints: {CA: false}
+ subjectKeyIdentifier: hash
+ keyUsage: [digitalSignature, keyEncipherment]
+ extendedKeyUsage: [clientAuth]
+ mongoRoles:
+ - {role: backup, db: admin}
+ - {role: advanceClusterTimeRole, db: admin}
+
 ###
 # Certificates not based on the primary root ca.pem
 ### |
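Review bot: The new server entries `rs0.pem`, `rs1.pem` and `rs2.pem` declare no `subjectAltName`, unlike the entry just above the hunk, and their `Subject` holds only an `OU`. Unless the certificate generator fills in a default SAN or CN (not visible here), a peer that verifies hostnames would reject these certificates, and the tests would have to disable hostname validation to connect, which weakens what a tenant-migration TLS test actually checks. Consider giving each of the three a `subjectAltName:` block matching the neighbouring entry. The `*_tenant_migration.pem` entries also carry `backup` and `advanceClusterTimeRole` on `admin` through `mongoRoles`, so a comment such as `# Test-only: roles are granted by the certificate itself; never reuse outside jstests.` above the first of them would make the intended scope explicit.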