Let’s Encrypt certificate for MongoDB internal membership authentication

From this article
https://docs.mongodb.com/v3.6/tutorial/configure-x509-member-authentication/

the requirements for the certificate for internal authentication are the following:

The Distinguished Name (DN), found in the member certificate’s subject, must specify a non-empty value for at least one of the following attributes: Organization (O), the Organizational Unit (OU) or the Domain Component (DC).

But in a Let’s Encrypt certificate, the Subject contains only the domain name, like this: CN = mongo-cl-01.example.com

What can I do to get OU, O or DC into the Subject of a Let’s Encrypt certificate?

Very simple: you can't. Let's Encrypt only issues Domain Validation certificates with information they can automatically validate. And that's just the hostname.

1 Like

Assuming these are all servers you control and nobody external is connecting to them, you can run your own certificate authority: you just install the CA root on all your machines, and then all your certs are trusted. See for example: step-ca open source server — Smallstep

1 Like
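The private-CA route suggested above, as an added example that is not part of the original thread: it uses plain `openssl` rather than step-ca, issues a member certificate whose subject carries O and OU, and checks the subject against the requirement quoted in the question. The organization and unit names, file names and function names are assumptions made for illustration.

```bash
# Added example. "Example Internal" and "MongoCluster" are constructed values;
# the hostname is the one from the question.

# issue_member_cert DIR HOST: create a private CA in DIR, then a member
# certificate for HOST whose subject carries O and OU.
issue_member_cert() {
  dir=$1; host=$2
  cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Internal
CN = Example Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed CA root; ca.crt is the file to install on every member.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/req.cnf" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # Member key and CSR; -subj replaces the [dn] section above.
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
    -subj "/O=Example Internal/OU=MongoCluster/CN=$host" \
    -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
  # Members connect to each other as both TLS server and TLS client.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth,clientAuth\n' \
    "$host" > "$dir/ext.cnf"
  openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -extfile "$dir/ext.cnf" \
    -out "$dir/$host.crt" 2>/dev/null
}

# subject_has_o_ou_dc CERT: succeed only if the subject has a non-empty
# O, OU or DC attribute (the requirement quoted in the question).
subject_has_o_ou_dc() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n' | grep -Eq '^(O|OU|DC)=.+'
}

# Demo run in a scratch directory: issue, check, print the subject.
work=$(mktemp -d)
issue_member_cert "$work" mongo-cl-01.example.com &&
  subject_has_o_ou_dc "$work/mongo-cl-01.example.com.crt" &&
  openssl x509 -in "$work/mongo-cl-01.example.com.crt" -noout -subject
```

The same check run against a certificate whose subject is only `CN = mongo-cl-01.example.com` fails, which is the situation described in the question. The CA key is written unencrypted here for brevity and should not live on the database hosts.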
