diff options
author | Cheahuychou Mao <mao.cheahuychou@gmail.com> | 2020-12-16 17:09:45 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-01-05 05:58:56 +0000 |
commit | dc3ef13edd2ec8054f97fd160e72dae5edec3061 (patch) | |
tree | b8198ba35ab8715f53df1b4ead6e493f034e2f1a /jstests/ssl | |
parent | 1dfe8355a2b034ded045191f4e3d4be827365621 (diff) | |
download | mongo-dc3ef13edd2ec8054f97fd160e72dae5edec3061.tar.gz |
SERVER-52707 Make tenant migration recipient use x509 certificate to connect to donor
Diffstat (limited to 'jstests/ssl')
-rw-r--r-- | jstests/ssl/x509/certs.yml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/jstests/ssl/x509/certs.yml b/jstests/ssl/x509/certs.yml index eaf9f690a10..2953a0448db 100644 --- a/jstests/ssl/x509/certs.yml +++ b/jstests/ssl/x509/certs.yml @@ -365,6 +365,50 @@ certs: - {role: backup, db: admin} - {role: advanceClusterTimeRole, db: admin} +- name: 'rs1_tenant_migration_expired.pem' + description: + Client certificate file for tenant migration donor or recipient which has passed its expiration + date. + not_before: -10000000 + not_after: -1000000 + Subject: + OU: 'rs1_tenant_migration' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [clientAuth] + mongoRoles: + - {role: backup, db: admin} + - {role: advanceClusterTimeRole, db: admin} + +- name: 'rs1_tenant_migration_no_backup_role.pem' + description: + Client certificate file for tenant migration donor or recipient without backup role. + Subject: + OU: 'rs1_tenant_migration' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [clientAuth] + mongoRoles: + - {role: advanceClusterTimeRole, db: admin} + +- name: 'rs1_tenant_migration_no_advance_cluster_time_role.pem' + description: + Client certificate file for tenant migration donor or recipient without role to advance + cluster time. + Subject: + OU: 'rs1_tenant_migration' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [clientAuth] + mongoRoles: + - {role: backup, db: admin} + - name: 'rs2.pem' description: General purpose server certificate file. Subject: |