Commit bd46b62

DOCSP-51853: Update client certificate info (#131)
* DOCSP-51853: Update client certificate info
* edit
1 parent 4cd97ff commit bd46b62

1 file changed

+5
-11
lines changed

source/connect/tls.txt

Lines changed: 5 additions & 11 deletions
@@ -80,18 +80,18 @@ in the following ways:
8080
:manual:`SRV Connection Format </reference/connection-string/#srv-connection-format>`
8181
in the {+mdb-server+} documentation.
8282

83-
.. _c-specify-ca-file:
83+
.. _c-specify-client-cert:
8484

85-
Specify a CA File
86-
------------------
85+
Specify a Client Certificate
86+
----------------------------
8787

8888
When you connect to a MongoDB deployment with TLS enabled, the deployment will by default require the client to provide
8989
a client certificate issued by a certificate authority, or an authority
9090
trusted by the native certificate store in use on the server.
9191

9292
You can provide the client certificate in the following ways:
9393

94-
- Setting the ``tlscertificatekeyfile`` parameter in your connection string to a ``.pem`` file containing the root certificate chain
94+
- Setting the ``tlsCertificateKeyFile`` parameter in your connection string to a ``.pem`` file containing the root certificate chain
9595
- Using the ``mongoc_uri_set_option_as_utf8()`` function to set the ``MONGOC_URI_TLSCERTIFICATEKEYFILE`` option
9696
to a ``.pem`` file containing the root certificate chain
9797
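Review bot: Both bullets under the new "Specify a Client Certificate" heading still describe the ``.pem`` file as "containing the root certificate chain", which is CA-file wording. A file passed as ``tlsCertificateKeyFile`` holds the client's certificate and its private key, so both bullets should say that; as written, a reader can end up pointing the option at a CA bundle. Separately, the label rename from ``c-specify-ca-file`` to ``c-specify-client-cert`` needs a check that no reference elsewhere in the docs still targets the old name.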

@@ -115,12 +115,6 @@ You can provide the client certificate in the following ways:
115115
:end-before: end-connect-ca-file-uri
116116
:dedent:
117117

118-
.. note::
119-
120-
If you don't specify a CA file when compiling against the Windows Native TLS library, the driver
121-
will use the Windows Certificate Store. To learn more, see the :ref:`c-native-tls`
122-
section of this guide.
123-
124118
.. _c-certificate-revocation:
125119

126120
Server Certificate Verification
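Review bot: The include options kept as context at the top of this hunk still end at the marker ``end-connect-ca-file-uri``, so the example under the renamed client-certificate section is cut from a snippet named for a CA file. Confirm that the snippet sets ``tlsCertificateKeyFile`` and rename the markers to match. With the note deleted, this section no longer says what the driver does with Windows Native TLS when no CA file is given, and the pointer to ``c-native-tls`` goes with it; a one-line cross-reference would keep that behaviour discoverable from here.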
@@ -199,7 +193,7 @@ and will issue an error if used.
199193
Encrypted PEM files, set by using the ``tlsCertificateKeyPassword`` URI option, are also not supported and will result in error when
200194
attempting to load them.
201195

202-
When ``tlsCAFile`` is set, the driver will only allow server certificates issued by one or more authorities provided.
196+
When ``tlsCAFile`` is set, the driver will import the file to the ``System Local Machine Root`` certificate store.
203197
When no ``tlsCAFile`` is set, the driver will look up the Certificate Authority using the ``System Local Machine Root``
204198
certificate store to confirm the provided certificate.
205199
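Review bot: The replacement sentence for ``tlsCAFile`` states a side effect (import into ``System Local Machine Root``) and drops the trust rule the old sentence gave, that only server certificates issued by the provided authorities are allowed. After this change both the set and unset cases end in the same store, so the paragraph should say what differs between them. It should also say whether the imported CA stays in the machine store after the process exits and what privileges the import needs, since the store name indicates machine-wide scope.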
