From 72f4a40facec6d795493cbc9d669d2aaf8774d04 Mon Sep 17 00:00:00 2001
From: Jeff Allen
Date: Tue, 13 Jul 2021 17:13:10 -0400
Subject: [PATCH] Replace mongo options with mongosh
---
snooty.toml | 3 +-
.../security/appendixC-openssl-client.txt | 2 +-
source/core/retryable-writes.txt | 2 +-
source/core/security-ldap-external.txt | 10 ++--
source/core/security-x.509.txt | 16 ++---
source/core/sharded-cluster-query-router.txt | 6 +-
source/includes/extracts-ssl-facts.yaml | 2 +-
source/includes/fact-authenticate.rst | 6 +-
...p-sasl-activedirectory-authentication.yaml | 14 ++---
...-windows-with-kerberos-authentication.yaml | 2 +-
...-mongodb-with-kerberos-authentication.yaml | 2 +-
.../steps-csfle-shell-aws-create-key.yaml | 4 +-
.../steps-csfle-shell-azure-create-key.yaml | 4 +-
.../steps-csfle-shell-gcp-create-key.yaml | 4 +-
.../steps-csfle-shell-local-create-key.yaml | 4 +-
...s-kerberos-auth-activedirectory-authz.yaml | 18 +++---
source/reference/command/getLog.txt | 4 +-
source/reference/command/shutdown.txt | 2 +-
source/reference/connection-string.txt | 4 +-
.../reference/method/Mongo.startSession.txt | 2 +-
source/reference/method/SessionOptions.txt | 2 +-
source/reference/method/db.auth.txt | 6 +-
source/reference/method/db.shutdownServer.txt | 2 +-
source/reference/program/mongo.txt | 2 +-
source/tutorial/configure-ssl-clients.txt | 60 +++++++++----------
.../configure-x509-client-authentication.txt | 32 +++++-----
26 files changed, 108 insertions(+), 107 deletions(-)
diff --git a/snooty.toml b/snooty.toml
index 312aa63c2e0..5e6c62f6c1f 100644
--- a/snooty.toml
+++ b/snooty.toml
@@ -6,7 +6,8 @@ intersphinx = [ "https://pymongo.readthedocs.io/en/stable/objects.inv", "https://docs.atlas.mongodb.com/objects.inv", "https://docs.mongodb.com/php-library/master/objects.inv", "https://docs.mongodb.com/compass/current/objects.inv", - "https://docs.mongodb.com/database-tools/objects.inv" + "https://docs.mongodb.com/database-tools/objects.inv", + "https://docs.mongodb.com/mongodb-shell/objects.inv" ] # toc_landing_pages are pages that have pages nested beneath them diff --git a/source/appendix/security/appendixC-openssl-client.txt b/source/appendix/security/appendixC-openssl-client.txt index f7e78d2b86b..5d0d859d709 100644 --- a/source/appendix/security/appendixC-openssl-client.txt +++ b/source/appendix/security/appendixC-openssl-client.txt @@ -174,7 +174,7 @@ B. Generate the Test PEM File for Client mongosh --tls --tlsCertificateSelector subject="" - Although still available, :option:`--ssl ` and + Although still available, :option:`--ssl ` and :option:`--sslCertificateSelector ` are :ref:`deprecated as of MongoDB 4.2 <4.2-tls>`. diff --git a/source/core/retryable-writes.txt b/source/core/retryable-writes.txt index 352dab1c796..3a0a09ea5a8 100644 --- a/source/core/retryable-writes.txt +++ b/source/core/retryable-writes.txt @@ -75,7 +75,7 @@ MongoDB Drivers :mongosh:`mongosh ` To enable retryable writes in :mongosh:`mongosh `, use - the :option:`--retryWrites ` command line option: + the :option:`--retryWrites ` command line option: .. code-block:: bash diff --git a/source/core/security-ldap-external.txt b/source/core/security-ldap-external.txt index c5508447c92..a71c181c60b 100644 --- a/source/core/security-ldap-external.txt +++ b/source/core/security-ldap-external.txt 
@@ -405,9 +405,9 @@ Connecting to a MongoDB server using LDAP Authorization When using LDAP for authorization, users connecting via :mongosh:`mongosh ` must: -- set :option:`--authenticationDatabase ` to ``$external``. +- set :option:`--authenticationDatabase ` to ``$external``. -- set :option:`--authenticationMechanism ` to the appropriate authentication +- set :option:`--authenticationMechanism ` to the appropriate authentication mechanism. If using :ref:`LDAP authentication `, set this to ``PLAIN``. @@ -417,13 +417,13 @@ When using LDAP for authorization, users connecting via If using :ref:`x.509 `, set this to ``MONGODB-X.509``. -- set :option:`--username ` to a username that respects the +- set :option:`--username ` to a username that respects the :setting:`security.ldap.authz.queryTemplate`, or any configured :setting:`security.ldap.userToDNMapping` template. -- set :option:`--password ` to the appropriate password. +- set :option:`--password ` to the appropriate password. -Include the :option:`--host ` and :option:`--port ` of the MongoDB server, +Include the :option:`--host ` and :option:`--port ` of the MongoDB server, along with any other options relevant to your deployment. For example, the following operation authenticates to a MongoDB server running diff --git a/source/core/security-x.509.txt b/source/core/security-x.509.txt index 9ea5d0eafcb..196580e6c80 100644 --- a/source/core/security-x.509.txt +++ b/source/core/security-x.509.txt 
@@ -65,14 +65,14 @@ To connect and authenticate using x.509 client certificate: - For MongoDB 4.2 or greater, include the following options for the client: - - :option:`--tls ` (or the deprecated :option:`--ssl + - :option:`--tls ` (or the deprecated :option:`--ssl ` option) - - :option:`--tlsCertificateKeyFile ` + - :option:`--tlsCertificateKeyFile ` (or the deprecated :option:`--sslPEMKeyFile ` option) - - :option:`--tlsCertificateKeyFilePassword ` + - :option:`--tlsCertificateKeyFilePassword ` (or the deprecated :option:`--sslPEMKeyPassword ` option) if the certificate key file is encrypted @@ -84,17 +84,17 @@ To connect and authenticate using x.509 client certificate: - For MongoDB 4.0 and earlier, include the following options for the client: - - :option:`--ssl ` + - :option:`--ssl ` - - :option:`--sslPEMKeyFile ` + - :option:`--sslPEMKeyFile ` - - :option:`--sslPEMKeyPassword ` option if - the :option:`--sslPEMKeyFile ` is encrypted. + - :option:`--sslPEMKeyPassword ` option if + the :option:`--sslPEMKeyFile ` is encrypted. - :option:`--authenticationDatabase '$external' ` - - :option:`--authenticationMechanism MONGODB-X509 ` + - :option:`--authenticationMechanism MONGODB-X509 ` You can also make the TLS/SSL connection first, and then use :method:`db.auth()` in the ``$external`` database to authenticate. diff --git a/source/core/sharded-cluster-query-router.txt b/source/core/sharded-cluster-query-router.txt index 10e1ed6e43f..afbd0f30240 100644 --- a/source/core/sharded-cluster-query-router.txt +++ b/source/core/sharded-cluster-query-router.txt 
@@ -346,9 +346,9 @@ server>`, with the :option:`--auth ` option in order to enforce R Alternatively, enforcing :doc:`/core/security-internal-authentication` for inter-cluster security also enables user access controls via RBAC. -With RBAC enforced, clients must specify a :option:`--username `, -:option:`--password `, and -:option:`--authenticationDatabase ` when +With RBAC enforced, clients must specify a :option:`--username `, +:option:`--password `, and +:option:`--authenticationDatabase ` when connecting to the :binary:`~bin.mongos` in order to access cluster resources. Each cluster has its own cluster users. These users cannot be used diff --git a/source/includes/extracts-ssl-facts.yaml b/source/includes/extracts-ssl-facts.yaml index 5c52dc9c790..8bf237c88b5 100644 --- a/source/includes/extracts-ssl-facts.yaml +++ b/source/includes/extracts-ssl-facts.yaml @@ -82,7 +82,7 @@ ref: ssl-facts-mongo-ssl-hostname-verification content: | :mongosh:`mongosh ` verifies that the hostname (specified - in :option:`--host ` option or the connection string) + in :option:`--host ` option or the connection string) matches the ``SAN`` (or, if ``SAN`` is not present, the ``CN``) in the certificate presented by the :binary:`~bin.mongod` or :binary:`~bin.mongos`. If ``SAN`` is present, :mongosh:`mongosh ` diff --git a/source/includes/fact-authenticate.rst b/source/includes/fact-authenticate.rst index b05bb0c6f9b..23c4a23bad6 100644 --- a/source/includes/fact-authenticate.rst +++ b/source/includes/fact-authenticate.rst @@ -5,9 +5,9 @@ associated with that user. To authenticate using :mongosh:`mongosh `, either: - Use the :mongosh:`mongosh ` command-line authentication options - (:option:`--username `, - :option:`--password `, and - :option:`--authenticationDatabase `) + (:option:`--username `, + :option:`--password `, and + :option:`--authenticationDatabase `) when connecting to the :binary:`~bin.mongod` or :binary:`~bin.mongos` instance, or 
diff --git a/source/includes/steps-configure-ldap-sasl-activedirectory-authentication.yaml b/source/includes/steps-configure-ldap-sasl-activedirectory-authentication.yaml index 80e26cad708..3737054d776 100644 --- a/source/includes/steps-configure-ldap-sasl-activedirectory-authentication.yaml +++ b/source/includes/steps-configure-ldap-sasl-activedirectory-authentication.yaml @@ -283,12 +283,12 @@ pre: | Use :mongosh:`mongosh ` to authenticate to the MongoDB server, set the following options: - - :option:`--host ` with the hostname of the MongoDB server - - :option:`--port ` with the port of the MongoDB server - - :option:`--username ` to the user's username - - :option:`--password ` to the user's password - - :option:`--authenticationMechanism ` to ``'PLAIN'`` - - :option:`--authenticationDatabase ` to ``'$external'`` + - :option:`--host ` with the hostname of the MongoDB server + - :option:`--port ` with the port of the MongoDB server + - :option:`--username ` to the user's username + - :option:`--password ` to the user's password + - :option:`--authenticationMechanism ` to ``'PLAIN'`` + - :option:`--authenticationDatabase ` to ``'$external'`` .. example:: @@ -317,7 +317,7 @@ pre: | .. note:: If you want to authenticate as an existing non-``$external`` user, set - :option:`--authenticationMechanism ` to SCRAM authentication mechanism (e.g. ``SCRAM-SHA-1`` or ``SCRAM-SHA-256`` as appropriate). This requires + :option:`--authenticationMechanism ` to SCRAM authentication mechanism (e.g. ``SCRAM-SHA-1`` or ``SCRAM-SHA-256`` as appropriate). This requires that the MongoDB server's :setting:`setParameter` :parameter:`authenticationMechanisms` includes ``SCRAM-SHA-1`` and/or ``SCRAM-SHA-256``. diff --git a/source/includes/steps-control-access-to-mongodb-windows-with-kerberos-authentication.yaml b/source/includes/steps-control-access-to-mongodb-windows-with-kerberos-authentication.yaml index eff5f49355f..b7886739c45 100644 
--- a/source/includes/steps-control-access-to-mongodb-windows-with-kerberos-authentication.yaml +++ b/source/includes/steps-control-access-to-mongodb-windows-with-kerberos-authentication.yaml @@ -113,7 +113,7 @@ action: option, rather than an IP address or unqualified hostname. If you are connecting to a system whose hostname does not - match the Kerberos name, use :option:`--gssapiHostName ` + match the Kerberos name, use :option:`--gssapiHostName ` to specify the Kerberos FQDN that it responds to. - pre: | Alternatively, you can first connect :binary:`mongo.exe diff --git a/source/includes/steps-control-access-to-mongodb-with-kerberos-authentication.yaml b/source/includes/steps-control-access-to-mongodb-with-kerberos-authentication.yaml index f945fa85f36..3614a293335 100644 --- a/source/includes/steps-control-access-to-mongodb-with-kerberos-authentication.yaml +++ b/source/includes/steps-control-access-to-mongodb-with-kerberos-authentication.yaml @@ -120,7 +120,7 @@ action: option, rather than an IP address or unqualified hostname. If you are connecting to a system whose hostname does not - match the Kerberos name, use :option:`--gssapiHostName ` + match the Kerberos name, use :option:`--gssapiHostName ` to specify the Kerberos FQDN that it responds to. - pre: | Alternatively, you can first connect :mongosh:`mongosh ` to the diff --git a/source/includes/steps-csfle-shell-aws-create-key.yaml b/source/includes/steps-csfle-shell-aws-create-key.yaml index ae27313edf5..ab663260592 100644 --- a/source/includes/steps-csfle-shell-aws-create-key.yaml +++ b/source/includes/steps-csfle-shell-aws-create-key.yaml @@ -20,8 +20,8 @@ content: | - ``AWS_SECRET_ACCESS_KEY`` Next, create :mongosh:`mongosh ` session using the - :option:`--eval `, :option:`--shell `, - and :option:`--nodb ` options: + :option:`--eval `, :option:`--shell `, + and :option:`--nodb ` options: .. code-block:: bash 
diff --git a/source/includes/steps-csfle-shell-azure-create-key.yaml b/source/includes/steps-csfle-shell-azure-create-key.yaml index d50092a6112..89bdefc4293 100644 --- a/source/includes/steps-csfle-shell-azure-create-key.yaml +++ b/source/includes/steps-csfle-shell-azure-create-key.yaml @@ -19,8 +19,8 @@ content: | - ``AZURE_CLIENT_SECRET`` Next, create a :mongosh:`mongosh ` session using the - :option:`--eval `, :option:`--shell `, - and :option:`--nodb ` options: + :option:`--eval `, :option:`--shell `, + and :option:`--nodb ` options: .. code-block:: bash diff --git a/source/includes/steps-csfle-shell-gcp-create-key.yaml b/source/includes/steps-csfle-shell-gcp-create-key.yaml index 53b8ed45e53..c6fb56fc598 100644 --- a/source/includes/steps-csfle-shell-gcp-create-key.yaml +++ b/source/includes/steps-csfle-shell-gcp-create-key.yaml @@ -18,8 +18,8 @@ content: | - ``GCP_PRIVATEKEY`` Next, create a :mongosh:`mongosh ` session using the - :option:`--eval `, :option:`--shell `, - and :option:`--nodb ` options: + :option:`--eval `, :option:`--shell `, + and :option:`--nodb ` options: .. code-block:: bash diff --git a/source/includes/steps-csfle-shell-local-create-key.yaml b/source/includes/steps-csfle-shell-local-create-key.yaml index 62a5ef60936..8bd2ac58dd0 100644 --- a/source/includes/steps-csfle-shell-local-create-key.yaml +++ b/source/includes/steps-csfle-shell-local-create-key.yaml @@ -38,8 +38,8 @@ level: 4 content: | Create a :mongosh:`mongosh ` session using the :option:`--eval - `, :option:`--shell `, and - :option:`--nodb ` options: + `, :option:`--shell `, and + :option:`--nodb ` options: .. code-block:: bash diff --git a/source/includes/steps-kerberos-auth-activedirectory-authz.yaml b/source/includes/steps-kerberos-auth-activedirectory-authz.yaml index 485d405abcc..15f3f3204ee 100644 --- a/source/includes/steps-kerberos-auth-activedirectory-authz.yaml +++ b/source/includes/steps-kerberos-auth-activedirectory-authz.yaml 
@@ -93,7 +93,7 @@ level: 4 pre: | Connect to the MongoDB server using :mongosh:`mongosh ` using the - :option:`--host ` and :option:`--port ` options. + :option:`--host ` and :option:`--port ` options. .. code-block:: bash @@ -103,7 +103,7 @@ pre: | authenticate to the ``admin`` database as a user with role management privileges, such as those provided by :authrole:`userAdmin` or :authrole:`userAdminAnyDatabase`. Include the appropriate - :option:`--authenticationMechanism ` for the + :option:`--authenticationMechanism ` for the MongoDB server's configured authentication mechanism. .. code-block:: bash @@ -479,12 +479,12 @@ pre: | Use :mongosh:`mongosh ` to authenticate to the MongoDB server, set the following options: - - :option:`--host ` with the hostname of the MongoDB server - - :option:`--port ` with the port of the MongoDB server - - :option:`--username ` to the user's ``userPrincipalName`` - - :option:`--password ` to the user's password (or omit to have :mongosh:`mongosh ` prompt for the password) - - :option:`--authenticationMechanism ` to ``"GSSAPI"`` - - :option:`--authenticationDatabase ` to ``"$external"`` + - :option:`--host ` with the hostname of the MongoDB server + - :option:`--port ` with the port of the MongoDB server + - :option:`--username ` to the user's ``userPrincipalName`` + - :option:`--password ` to the user's password (or omit to have :mongosh:`mongosh ` prompt for the password) + - :option:`--authenticationMechanism ` to ``"GSSAPI"`` + - :option:`--authenticationDatabase ` to ``"$external"`` .. example:: 
@@ -513,7 +513,7 @@ pre: | .. note:: If you want to authenticate as an existing non-``$external`` user, set - :option:`--authenticationMechanism ` to a SCRAM authentication mechanism (e.g. ``SCRAM-SHA-1`` or ``SCRAM-SHA-256``). This requires + :option:`--authenticationMechanism ` to a SCRAM authentication mechanism (e.g. ``SCRAM-SHA-1`` or ``SCRAM-SHA-256``). This requires that the MongoDB server's :setting:`setParameter` :parameter:`authenticationMechanisms` includes ``SCRAM-SHA-1`` and/or ``SCRAM-SHA-256`` as appropriate. --- diff --git a/source/reference/command/getLog.txt b/source/reference/command/getLog.txt index 83dfe4c3b00..6a6a9640e82 100644 --- a/source/reference/command/getLog.txt +++ b/source/reference/command/getLog.txt @@ -142,7 +142,7 @@ Outside ``mongosh`` with ``jq`` .. include:: /includes/fact-use-jq-with-structured-logging.rst To use ``jq`` with :dbcommand:`getLog` output, you must use the -:option:`--eval ` option to :mongosh:`mongosh `. +:option:`--eval ` option to :mongosh:`mongosh `. The following operation uses ``jq`` to filter on the **REPL** :ref:`component ` to present only those log messages associated with replication: @@ -153,7 +153,7 @@ messages associated with replication: Be sure to provide any necessary connection-specific parameters to :mongosh:`mongosh ` as needed, such as :option:`--host -` or :option:`--port `. +` or :option:`--port `. See :ref:`log-message-parsing` for more examples of filtering log output using ``jq``. The ``jq`` syntax presented in each linked example can be diff --git a/source/reference/command/shutdown.txt b/source/reference/command/shutdown.txt index 9a1db5097de..bb4820a05d4 100644 --- a/source/reference/command/shutdown.txt +++ b/source/reference/command/shutdown.txt 
@@ -94,7 +94,7 @@ See :ref:`cmd-shutdown-access-control` for more information. For a :binary:`~bin.mongod` started *without* :ref:`authentication`, you must run :dbcommand:`shutdown` from a client connected to the localhost interface. For example, run :mongosh:`mongosh ` with -the :option:`--host "127.0.0.1" ` option on the +the :option:`--host "127.0.0.1" ` option on the same host machine as the :binary:`~bin.mongod`. .. _cmd-shutdown-replica-set: diff --git a/source/reference/connection-string.txt b/source/reference/connection-string.txt index 1ba49783ce7..401739fa8e8 100644 --- a/source/reference/connection-string.txt +++ b/source/reference/connection-string.txt @@ -427,7 +427,7 @@ Alternatively, you can also use the equivalent :urioption:`ssl=true If the :binary:`mongo` shell specifies additional :ref:`tls/ssl ` options from the - command-line, use the :option:`--tls ` + command-line, use the :option:`--tls ` command-line option instead. .. versionadded:: 4.2 @@ -449,7 +449,7 @@ Alternatively, you can also use the equivalent :urioption:`ssl=true If the :binary:`mongo` shell specifies additional :ref:`tls/ssl ` options from the - command-line, use the :option:`--ssl ` + command-line, use the :option:`--ssl ` command-line option instead. * - .. urioption:: tlsCertificateKeyFile diff --git a/source/reference/method/Mongo.startSession.txt b/source/reference/method/Mongo.startSession.txt index c3c5e6761e7..07e7d809302 100644 --- a/source/reference/method/Mongo.startSession.txt +++ b/source/reference/method/Mongo.startSession.txt @@ -78,7 +78,7 @@ Definition encountering transient network errors. If you start :mongosh:`mongosh ` with the - :option:`--retryWrites ` option, ``retryWrites`` is enabled by + :option:`--retryWrites ` option, ``retryWrites`` is enabled by default for :method:`Mongo.startSession()`. After starting a session, you cannot modify its 
diff --git a/source/reference/method/SessionOptions.txt b/source/reference/method/SessionOptions.txt index d39fb9278f2..1dae933d480 100644 --- a/source/reference/method/SessionOptions.txt +++ b/source/reference/method/SessionOptions.txt @@ -72,7 +72,7 @@ Definition failovers. To enable retry writes, start :mongosh:`mongosh ` - with the :option:`--retryWrites ` option. + with the :option:`--retryWrites ` option. You can view whether ``retryWrites`` is enabled for a session via the following method: diff --git a/source/reference/method/db.auth.txt b/source/reference/method/db.auth.txt index eabb92683b3..0fc7940a801 100644 --- a/source/reference/method/db.auth.txt +++ b/source/reference/method/db.auth.txt @@ -234,9 +234,9 @@ Authenticate when Connecting to the Shell ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Alternatively, you can use :mongosh:`mongosh `'s -command-line options :option:`--username `, -:option:`--password `, -:option:`--authenticationDatabase `, +command-line options :option:`--username `, +:option:`--password `, +:option:`--authenticationDatabase `, and :option:`--authenticationMechanism ` to specify authentication credentials when connecting :mongosh:`mongosh `: diff --git a/source/reference/method/db.shutdownServer.txt b/source/reference/method/db.shutdownServer.txt index d7e7a29af19..8be0a05234a 100644 --- a/source/reference/method/db.shutdownServer.txt +++ b/source/reference/method/db.shutdownServer.txt @@ -80,7 +80,7 @@ See :ref:`method-shutdown-access-control` for more information. For a :binary:`~bin.mongod` started *without* :ref:`authentication`, you must run :method:`db.shutdownServer()` from a client connected to the localhost interface. For example, run :mongosh:`mongosh ` with the -:option:`--host "127.0.0.1" ` option on the same host +:option:`--host "127.0.0.1" ` option on the same host machine as the :binary:`~bin.mongod`. .. _method-shutdown-replica-set: 
diff --git a/source/reference/program/mongo.txt b/source/reference/program/mongo.txt index e5ea9907dcb..557b20f69d1 100644 --- a/source/reference/program/mongo.txt +++ b/source/reference/program/mongo.txt @@ -1294,7 +1294,7 @@ Connect to a Replica Set Using the DNS Seedlist Connection Format .. versionadded:: 3.6 To connect to a replica set described using the -:ref:`connections-dns-seedlist`, use the :option:`--host ` option +:ref:`connections-dns-seedlist`, use the :option:`--host ` option to specify the connection string to the :binary:`~bin.mongo` shell. In the following example, the DNS configuration resembles: diff --git a/source/tutorial/configure-ssl-clients.txt b/source/tutorial/configure-ssl-clients.txt index 8594d127c14..94f008bc4d1 100644 --- a/source/tutorial/configure-ssl-clients.txt +++ b/source/tutorial/configure-ssl-clients.txt 
@@ -55,36 +55,36 @@ including: * - TLS Option (New in 4.2) - Notes - * - :option:`--tls ` + * - :option:`--tls ` - Enables TLS/SSL connection. - * - :option:`--tlsCertificateKeyFile ` + * - :option:`--tlsCertificateKeyFile ` - Specifies the :file:`.pem` file that contains :mongosh:`mongosh `'s certificate and key to present to the :binary:`~bin.mongod` or :binary:`~bin.mongos` instance. This option is mutually exclusive with - :option:`--tlsCertificateSelector ` + :option:`--tlsCertificateSelector ` .. include:: /includes/extracts/4.4-changes-certificate-expiry-warning.rst - * - :option:`--tlsCertificateKeyFilePassword ` + * - :option:`--tlsCertificateKeyFilePassword ` - If :mongosh:`mongosh `'s certificate key file is encrypted. - * - :option:`--tlsCAFile ` + * - :option:`--tlsCAFile ` - Specifies the Certificate Authority (CA) :file:`.pem` file for verification of the certificate presented by the :binary:`~bin.mongod` or the :binary:`~bin.mongos` instance. - * - :option:`--tlsCertificateSelector ` + * - :option:`--tlsCertificateSelector ` - If running on Windows or macOS, use a certificate from the system certificate store. (*New in version 4.0*) This option is mutually exclusive with - :option:`--tlsCertificateKeyFile `. + :option:`--tlsCertificateKeyFile `. .. include:: /includes/extracts/4.4-changes-certificate-expiry-warning.rst @@ -104,7 +104,7 @@ certificate presented by the :binary:`~bin.mongod` or To connect :mongosh:`mongosh ` to a :binary:`~bin.mongod` or :binary:`~bin.mongos` that requires TLS/SSL, specify the - :option:`--host ` option or use a :doc:`connection + :option:`--host ` option or use a :doc:`connection string ` to specify the hostname. All other ``TLS/SSL`` options must be specified using the command-line options. 
@@ -124,9 +124,9 @@ To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` instance that requires :ref:`encrypted communication `, start :mongosh:`mongosh ` with: -- :option:`--tls ` +- :option:`--tls ` -- :option:`--host ` and :option:`--tlsCAFile ` and :option:`--tlsCAFile ` to validate the server certificate. For example, consider a :binary:`~bin.mongod` instance running on @@ -162,12 +162,12 @@ To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` that requires :ref:`CA-signed client certificates `, start :mongosh:`mongosh ` with: -- :option:`--tls ` +- :option:`--tls ` -- :option:`--host ` and the :option:`--tlsCAFile ` and the :option:`--tlsCAFile ` to validate the server certificate, -- :option:`--tlsCertificateKeyFile ` option to specify +- :option:`--tlsCertificateKeyFile ` option to specify the client certificate to present to the server. For example, consider a :binary:`~bin.mongod` instance running on @@ -201,9 +201,9 @@ On Windows and macOS, mongosh --tls --host hostname.example.com --tlsCertificateSelector subject="myclient.example.net" Although still available, :mongosh:`mongosh ` - :option:`--ssl `, :option:`--sslCAFile `, :option:`--sslPEMKeyFile `, - :option:`--sslCertificateSelector ` + :option:`--ssl `, :option:`--sslCAFile `, :option:`--sslPEMKeyFile `, + :option:`--sslCertificateSelector ` are :ref:`deprecated as of MongoDB 4.2 <4.2-tls>`. Avoid Use of ``--tlsAllowInvalidCertificates`` Option @@ -227,7 +227,7 @@ Avoid Use of ``--tlsAllowInvalidCertificates`` Option posing as valid :binary:`~bin.mongod` or :binary:`~bin.mongos` instances. If you only need to disable the validation of the hostname in the TLS/SSL certificates, see - :option:`--tlsAllowInvalidHostnames `. + :option:`--tlsAllowInvalidHostnames `. .. _mongo-shell-ssl-connect: 
@@ -243,26 +243,26 @@ Avoid Use of ``--tlsAllowInvalidCertificates`` Option * - SSL Option (Deprecated in 4.2) - Notes - * - :option:`--ssl ` + * - :option:`--ssl ` - Enables TLS/SSL connection. - * - :option:`--sslPEMKeyFile ` + * - :option:`--sslPEMKeyFile ` - Specifies the :file:`.pem` file that contains :mongosh:`mongosh `'s certificate and key to present to the :binary:`~bin.mongod` or :binary:`~bin.mongos` instance. - * - :option:`--sslPEMKeyPassword ` + * - :option:`--sslPEMKeyPassword ` - If :mongosh:`mongosh `'s certificate key file is encrypted. - * - :option:`--sslCAFile ` + * - :option:`--sslCAFile ` - Specifies the Certificate Authority (CA) :file:`.pem` file for verification of the certificate presented by the :binary:`~bin.mongod` or the :binary:`~bin.mongos` instance. - * - :option:`--sslCertificateSelector ` + * - :option:`--sslCertificateSelector ` - If running on Windows or macOS, use a certificate from the system certificate store. (*New in version 4.0*) @@ -283,7 +283,7 @@ certificate presented by the :binary:`~bin.mongod` or To connect :mongosh:`mongosh ` to a :binary:`~bin.mongod` or :binary:`~bin.mongos` that requires TLS/SSL, specify the - :option:`--host ` option or use a :doc:`connection + :option:`--host ` option or use a :doc:`connection string ` to specify the hostname. All other ``TLS/SSL`` options must be specified using the command-line options. @@ -303,9 +303,9 @@ To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` instance that requires :ref:`encrypted communication `, start :mongosh:`mongosh ` with: -- :option:`--ssl ` +- :option:`--ssl ` -- :option:`--host ` and :option:`--sslCAFile ` and :option:`--sslCAFile ` to validate the server certificate. For example, consider a :binary:`~bin.mongod` instance running on 
@@ -341,12 +341,12 @@ To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` that requires :ref:`CA-signed client certificates `, start :mongosh:`mongosh ` with: -- :option:`--ssl ` +- :option:`--ssl ` -- :option:`--host ` and the :option:`--sslCAFile ` and the :option:`--sslCAFile ` to validate the server certificate, -- :option:`--sslPEMKeyFile ` option to specify +- :option:`--sslPEMKeyFile ` option to specify the client certificate to present to the server. For example, consider a :binary:`~bin.mongod` instance running on @@ -367,9 +367,9 @@ On Windows and macOS, You can also use the :option:`--sslCertificateSelector ` option to specify the client certificate from the system certificate store instead of using - :option:`--sslPEMKeyFile `. If the CA file + :option:`--sslPEMKeyFile `. If the CA file is also in the system certificate store, you can omit the - :option:`--sslCAFile ` option as well. For + :option:`--sslCAFile ` option as well. For example, to use a certificate with the ``CN`` (Common Name) of ``myclient.example.net`` and the CA file from the system certificate store on macOS, start :mongosh:`mongosh ` with the following diff --git a/source/tutorial/configure-x509-client-authentication.txt b/source/tutorial/configure-x509-client-authentication.txt index 5d71f2597b9..97645b86344 100644 --- a/source/tutorial/configure-x509-client-authentication.txt +++ b/source/tutorial/configure-x509-client-authentication.txt 
@@ -355,23 +355,23 @@ authenticate with the client certificate. * - Option - Notes - * - :option:`--tls ` + * - :option:`--tls ` - - * - :option:`--tlsCertificateKeyFile ` + * - :option:`--tlsCertificateKeyFile ` - Client's x.509 file. - * - :option:`--tlsCAFile ` + * - :option:`--tlsCAFile ` - Certificate Authority file to verify the certificate presented by the :binary:`~bin.mongod` instance. - * - :option:`--authenticationDatabase ` + * - :option:`--authenticationDatabase ` - Specify ``'$external'``. - * - :option:`--authenticationMechanism ` + * - :option:`--authenticationMechanism ` - Specify ``MONGODB-X509``. - id: authafter @@ -398,13 +398,13 @@ authenticate with the client certificate. * - Option - Notes - * - :option:`--tls ` + * - :option:`--tls ` - - * - :option:`--tlsCertificateKeyFile ` + * - :option:`--tlsCertificateKeyFile ` - Client's x.509 file. - * - :option:`--tlsCAFile ` + * - :option:`--tlsCAFile ` - Certificate Authority file to verify the certificate presented by @@ -463,23 +463,23 @@ authenticate with the client certificate. * - Option - Notes - * - :option:`--ssl ` + * - :option:`--ssl ` - - * - :option:`--sslPEMKeyFile ` + * - :option:`--sslPEMKeyFile ` - Client's x.509 file. - * - :option:`--sslCAFile ` + * - :option:`--sslCAFile ` - Certificate Authority file to verify the certificate presented by :binary:`~bin.mongod`/:binary:`~bin.mongos` instance. - * - :option:`--authenticationDatabase ` + * - :option:`--authenticationDatabase ` - Specify ``'$external'``. - * - :option:`--authenticationMechanism ` + * - :option:`--authenticationMechanism ` - Specify ``MONGODB-X509``. - id: authafter @@ -506,13 +506,13 @@ authenticate with the client certificate. * - Option - Notes - * - :option:`--ssl ` + * - :option:`--ssl ` - - * - :option:`--sslPEMKeyFile ` + * - :option:`--sslPEMKeyFile ` - Client's x.509 file. - * - :option:`--sslCAFile ` + * - :option:`--sslCAFile ` - Certificate Authority file to verify the certificate presented by