Info
When mongod loads a certificate from the Windows certificate store, it verifies that there is an accessible private key so that users get a clear error. This works correctly for CryptoAPI-created certificates but not for CNG-created certificates.
Additionally, if we get NTE_BAD_KEYSET when we load a CNG certificate, we should warn users that they need to fix their permissions on the private key.
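An operator-side version of the check described above, as an added example that is not MongoDB's code: it opens the private key of a store certificate under the current account and reports the provider name or the NTE_BAD_KEYSET case. The function name `Test-CertPrivateKeyAccess`, the `Cert:\LocalMachine\My` default, and the RSA-only handling are assumptions; it needs .NET Framework 4.6 or later.

```powershell
# Added diagnostic sketch, not MongoDB source. Run it as the account that starts mongod.
function Test-CertPrivateKeyAccess {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,       # value the operator supplies
        [string] $StorePath = 'Cert:\LocalMachine\My'      # assumption: machine "My" store
    )
    $NTE_BAD_KEYSET = -2146893802                          # 0x80090016 as a signed HRESULT
    $result = [ordered]@{ Thumbprint = $Thumbprint; Provider = $null; Accessible = $false; Detail = $null }
    $key = $null

    $cert = Get-Item -LiteralPath "$StorePath\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        $result.Detail = 'Certificate has no associated private key'
        return [pscustomobject]$result
    }
    try {
        # Assumption: RSA key. Opening the key is the step that fails on a permissions problem.
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($key -is [System.Security.Cryptography.RSACng]) {
            $result.Provider = $key.Key.Provider.Provider              # name reported via CNG
        } elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $result.Provider = $key.CspKeyContainerInfo.ProviderName   # name reported via CryptoAPI
        }
        $result.Accessible = $null -ne $key
        $result.Detail = if ($key) { 'Private key opened' } else { 'No RSA private key returned' }
    } catch {
        # PowerShell wraps the .NET exception; the base exception carries the HRESULT.
        $ex = $_.Exception.GetBaseException()
        $result.Detail = if ($ex.HResult -eq $NTE_BAD_KEYSET) {
            "NTE_BAD_KEYSET: check this account's permissions on the private key"
        } else {
            '0x{0:X8}: {1}' -f $ex.HResult, $ex.Message
        }
    } finally {
        if ($key) { $key.Dispose() }
    }
    [pscustomobject]$result
}

# Usage (placeholder thumbprint): Test-CertPrivateKeyAccess -Thumbprint '<THUMBPRINT>'
```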
Top User Comments
xgen-internal-githook commented on Fri, 1 Mar 2019 19:54:57 +0000:
Author: Mark Benvenuto (markbenvenuto) <mark.benvenuto@mongodb.com>
Message: SERVER-39571 mongod cannot verify certificates from the CNG provider
(cherry picked from commit 34cf12d1ea67a7f11266452e44f5c2241f453f23)
Branch: v4.0
https://github.com/mongodb/mongo/commit/cc2361a62962a3abd17ac20136d25ee2df279b70
xgen-internal-githook commented on Thu, 28 Feb 2019 16:56:29 +0000:
Author: Mark Benvenuto (markbenvenuto) <mark.benvenuto@mongodb.com>
Message: SERVER-39571 mongod cannot verify certificates from the CNG provider
Branch: master
https://github.com/mongodb/mongo/commit/34cf12d1ea67a7f11266452e44f5c2241f453f23
Steps to Reproduce
1. Call New-SelfSignedCertificate
2. ./mongo.exe --ssl --sslCertificateSelector thumbprint=