Skip to content

Commit

Permalink
DOCS-16619 Clarify allowInvalidCertificates and allowInvalidHostnames (
Browse files Browse the repository at this point in the history
…#6129) (#6190)

* DOCS-16619 Clarify allowInvalidCertificates and allowInvalidHostnames parameter scope

* edits

* CT feedback
  • Loading branch information
ajhuh-mdb authored Feb 2, 2024
1 parent f5ca828 commit c75e050
Showing 1 changed file with 10 additions and 8 deletions.
18 changes: 10 additions & 8 deletions source/reference/configuration-options.txt
Original file line number Diff line number Diff line change
Expand Up @@ -1725,11 +1725,11 @@ Core Options

.. include:: /includes/extracts/tls-facts-x509-invalid-certificate.rst

When using
the :setting:`net.tls.allowInvalidCertificates` setting, MongoDB
When using the ``net.tls.allowInvalidCertificates`` setting, MongoDB
logs a warning regarding the use of the invalid certificate.

.. include:: /includes/extracts/tls-facts-see-more.rst
For more information about TLS and MongoDB, see
:ref:`configure-mongod-mongos-for-tls-ssl` and :ref:`inter-process-auth`.


.. setting:: net.tls.allowInvalidHostnames
Expand All @@ -1738,12 +1738,14 @@ Core Options

*Default*: false

When :setting:`net.tls.allowInvalidHostnames` is ``true``, MongoDB disables the validation of the
hostnames in TLS certificates, allowing :binary:`~bin.mongod` to connect to
MongoDB instances if the hostname their certificates do not match the
specified hostname.
When ``net.tls.allowInvalidHostnames`` is ``true``, MongoDB disables
the validation of the hostnames in TLS certificates. This allows
:binary:`~bin.mongod` or :binary:`~bin.mongos` to connect to other MongoDB
instances in the cluster, even if the hostname of their certificates does not
match the specified hostname.

.. include:: /includes/extracts/tls-facts-see-more.rst
For more information about TLS and MongoDB, see
:ref:`configure-mongod-mongos-for-tls-ssl`.


.. setting:: net.tls.disabledProtocols
Expand Down

0 comments on commit c75e050

Please sign in to comment.