3 files changed, 17 insertions, 1 deletions

diff --git a/jstests/ssl/ssl_withhold_client_cert.js b/jstests/ssl/ssl_withhold_client_cert.js
index 3839e5d6aef..e8084c98439 100644
--- a/jstests/ssl/ssl_withhold_client_cert.js
+++ b/jstests/ssl/ssl_withhold_client_cert.js
@@ -42,4 +42,12 @@
                                        base_options);
 
     testRS(test_options, true);
+
+    const depr_options = Object.extend({
+        sslAllowConnectionsWithoutCertificates: '',
+        setParameter: 'sslWithholdClientCertificate=true',
+    },
+                                       base_options);
+
+    testRS(depr_options, true);
 }());
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 59601090989..6a4a39c8d2a 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -68,6 +68,12 @@ ExportedServerParameter<bool, ServerParameterType::kStartupOnly> tlsWithholdClie
     "tlsWithholdClientCertificate",
     &sslGlobalParams.tlsWithholdClientCertificate);
 
+// Deprecated alias for tlsWithholdClientCertificate
+ExportedServerParameter<bool, ServerParameterType::kStartupOnly> sslWithholdClientCertificate(
+    ServerParameterSet::getGlobal(),
+    "sslWithholdClientCertificate",
+    &sslGlobalParams.tlsWithholdClientCertificate);
+
 }  // namespace
 
 class OpenSSLCipherConfigParameter
diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp
index fa9fe9108ca..2cc64b4926e 100644
--- a/src/mongo/util/net/ssl_options_server.cpp
+++ b/src/mongo/util/net/ssl_options_server.cpp
@@ -120,7 +120,9 @@ Status addSSLServerOptions(moe::OptionSection* options) {
     options->addOptionChaining("net.tls.clusterCAFile",
                                "tlsClusterCAFile",
                                moe::String,
-                               "CA used for verifying remotes during outbound connections");
+                               "CA used for verifying remotes during outbound connections",
+                               {"net.ssl.clusterCAFile"},
+                               {"sslClusterCAFile"});
 
     options->addOptionChaining("net.tls.CRLFile",
                                "tlsCRLFile",