Description
Currently, when node to node encryption is set to "all" or "strict", the services may connect to other services, including ns_server, using the node certificates passed to them. However, in the case where client certificate authentication is enabled, the usage of node certificates by the services to connect as clients poses the problem of not being able to authenticate the user.
Per the docs, https://docs.couchbase.com/server/current/manage/manage-security/enable-client-certificate-handling.html:
"A current limitation is that client certificate authentication cannot be set to mandatory if node-to-node encryption is set to all. See Node-to-Node Encryption."
Unfortunately, this is not limited to mandatory but also extends to the enabled state of client certificate authentication.
We need to be able to support both client certificate auth and node to node encryption at the same time.
Docs: Design draft
Issue Links
- is blocked by
  - MB-51776 [CLI] server-add should provide an option to use client certificate for authentication (Open)
  - MB-52103 [xdcr] Support both client certificate auth and n2n encryption at the same time (Open)
  - MB-51771 [UI] No need to ask for user/password when client certs are used during node addition (Open)
  - MB-52097 [indexer] Support both client certificate auth and n2n encryption at the same time (Open)
  - MB-52099 [cbas] Support both client certificate auth and n2n encryption at the same time (Open)
  - MB-52102 [Query] Support both client certificate auth and n2n encryption at the same time (Open)
  - MB-52104 [eventing] Support both client certificate auth and n2n encryption at the same time (Open)
  - MB-52182 [CLI] Support client cert reload (Open)
  - MB-52100 [backup] Support both client certificate auth and n2n encryption at the same time (Resolved)
- relates to
  - MB-61232 eventing error: flag provided but not defined: -clientcertfile (Resolved)
  - MB-50939 Replace internal authentication basic auth with mutual authentication (Open)
  - MB-48188 Support client certificate in n2n encryption (Closed)