DOCSP-28412 Removes Stale SSL Content (#2730) (#2790)

kennethdyer · web-flow · commit 33f36618b28a · 2023-03-27T16:16:15.000-05:00
* DOCSP-28412 Removes Stale SSL Content (#2730) * DOCSP-28412 Removes stale SSL options from tutorial * Removes sections * Fixes build errors * Fixes build errors * Fixes build errors * Fixes build errors * Fixes per Dave * Heading fix * Fixes per Dave * Fixes build issues
diff --git a/source/tutorial/configure-ssl-clients.txt b/source/tutorial/configure-ssl-clients.txt
@@ -31,19 +31,8 @@ Clients must have support for TLS/SSL to connect to a
 
 .. _mongo-shell-tls-connect:
 
-``mongo`` Shell Configuration (Using ``tls`` Options)
--------------------------------------------------------
-
-.. note::
-
-   Starting in version 4.2, MongoDB provides ``tls`` options that
-   corresponds to the ``ssl`` options. The ``tls`` options provide
-   **identical** functionality as the ``ssl`` options since MongoDB has
-   always supported TLS 1.0 and later.
-
-   The procedures in this section use the ``tls`` options. For
-   procedures using their ``ssl`` aliases, see
-   :ref:`mongo-shell-ssl-connect`.
+MongoDB Shell
+-------------
 
 The :binary:`~bin.mongo` shell provides various TLS/SSL settings,
 including:
@@ -111,14 +100,8 @@ certificate presented by the :binary:`~bin.mongod` or
 
 .. _tls-client-connection-only:
 
-Connect to MongoDB Instance Using Encryption (``tls`` Options)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-
-   The procedure uses the ``tls`` options (available starting in
-   MongoDB 4.2). For procedures using their ``ssl`` aliases, see
-   :ref:`mongo-shell-ssl-connect`.
+Connect to MongoDB Instances Using Encryption 
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` instance
 that requires :ref:`encrypted communication <ssl-mongod-ssl-cert-key>`,
@@ -149,14 +132,8 @@ the CA file.
 
 .. _mongo-connect-require-client-certificates-tls:
 
-Connect to MongoDB Instance that Requires Client Certificates (``tls`` Options)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-
-   The procedure uses the ``tls`` options (available starting in
-   MongoDB 4.2). For procedures using their ``ssl`` aliases, see
-   :ref:`mongo-shell-ssl-connect`.
+Connect to MongoDB Instances that Require Client Certificates 
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` that
 requires :ref:`CA-signed client certificates
@@ -237,164 +214,6 @@ Avoid Use of ``--tlsAllowInvalidCertificates`` Option
    hostname in the TLS/SSL certificates, see
    :option:`--tlsAllowInvalidHostnames <mongo --tlsAllowInvalidHostnames>`.
 
-.. _mongo-shell-ssl-connect:
-
-``mongo`` Shell Configuration (Using ``ssl`` Options)
-------------------------------------------------------
-
-The :binary:`~bin.mongo` shell provides various TLS/SSL settings,
-including:
-
-.. list-table::
-   :header-rows: 1
-   :widths: 30 70
-
-   * - SSL Option (Deprecated in 4.2)
-     - Notes
-
-   * - :option:`--ssl <mongo --ssl>`
-     - Enables TLS/SSL connection.
-
-   * - :option:`--sslPEMKeyFile <mongo --sslPEMKeyFile>`
-
-     - Specifies the :file:`.pem` file that contains the
-       :binary:`~bin.mongo` shell's certificate and key to present to
-       the :binary:`~bin.mongod` or :binary:`~bin.mongos` instance.
-
-   * - :option:`--sslPEMKeyPassword <mongo --sslPEMKeyPassword>`
-
-     - If the :binary:`~bin.mongo` shell's certificate key file is encrypted.
-
-   * - :option:`--sslCAFile <mongo --sslCAFile>`
-
-     - Specifies the Certificate Authority (CA) :file:`.pem` file for
-       verification of the certificate presented by the
-       :binary:`~bin.mongod` or the :binary:`~bin.mongos` instance.
-
-   * - :option:`--sslCertificateSelector <mongo --sslCertificateSelector>`
-   
-     - If running on Windows or macOS, use a certificate from the
-       system certificate store. (*New in version 4.0*)
-
-For a complete list of the :binary:`~bin.mongo` shell's ``ssl``
-options, see :ref:`SSL Options <mongo-shell-ssl>`.
-
-For TLS/SSL connections, the :binary:`~bin.mongo` shell validates the
-certificate presented by the :binary:`~bin.mongod` or
-:binary:`~bin.mongos` instance:
-
-- The :binary:`~bin.mongo` shell verifies that the certificate is from
-  the specified Certificate Authority :option:`--sslCAFile <mongo
-  --sslCAFile>`. If the certificate is not from the specified CA, the
-  :binary:`~bin.mongo` shell will fail to connect.
-
-- .. include:: /includes/extracts/ssl-facts-mongo-ssl-hostname-verification.rst
-
-  To connect a :binary:`~bin.mongo` shell to a :binary:`~bin.mongod` or
-  :binary:`~bin.mongos` that requires TLS/SSL, specify the
-  :option:`--host <mongo --host>` option or use a :doc:`connection
-  string </reference/connection-string>` to specify the hostname. All
-  other ``TLS/SSL`` options must be specified using the command-line
-  options.
-
-.. _ssl-client-connection-only:
-
-Connect to MongoDB Instance Using Encryption (``--ssl`` Options)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-
-   The procedure uses the ``ssl`` options. For procedures using the
-   ``tls`` aliases (available starting in MongoDB 4.2), see
-   :ref:`mongo-shell-tls-connect`.
-   
-To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` instance
-that requires :ref:`encrypted communication <ssl-mongod-ssl-cert-key>`,
-start the :binary:`~bin.mongo` shell with:
-
-- :option:`--ssl <mongo --ssl>`
-
-- :option:`--host <mongo --host>` and :option:`--sslCAFile <mongo
-  --sslCAFile>` to validate the server certificate.
-
-For example, consider a :binary:`~bin.mongod` instance running on
-``hostname.example.com`` with the following options:
-
-.. code-block:: bash
-
-   mongod --sslMode requireSSL --sslPEMKeyFile <pem> 
-
-To connect to the instance, start a :binary:`~bin.mongo` shell with the
-following options:
-
-.. code-block:: bash
-
-   mongo --ssl --host hostname.example.com --sslCAFile /etc/ssl/caToValidateServerCertificates.pem
-
-The :binary:`~bin.mongo` shell verifies the certificate presented by
-the :binary:`~bin.mongod` instance against the specified hostname
-and the CA file.
-
-.. _mongo-connect-require-client-certificates-ssl:
-
-Connect to MongoDB Instance that Requires Client Certificates (``ssl`` Options)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-
-   The procedure uses the ``ssl`` options. For procedures using the
-   ``tls`` aliases (available starting in MongoDB 4.2), see
-   :ref:`mongo-shell-tls-connect`.
-
-To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` that
-requires :ref:`CA-signed client certificates
-<ssl-mongod-ca-signed-ssl-cert-key>`, start the :binary:`~bin.mongo`
-shell with:
-
-- :option:`--ssl <mongo --ssl>`
-
-- :option:`--host <mongo --host>` and the :option:`--sslCAFile <mongo
-  --sslCAFile>` to validate the server certificate,
-
-- :option:`--sslPEMKeyFile <mongo --sslPEMKeyFile>` option to specify
-  the client certificate to present to the server.
-
-For example, consider a :binary:`~bin.mongod` instance running on
-``hostname.example.com`` with the following options:
-
-.. code-block:: bash
-
-   mongod --sslMode requireSSL --sslPEMKeyFile /etc/ssl/mongodb.pem --sslCAFile /etc/ssl/ca.pem
-
-To connect to the instance, start a :binary:`~bin.mongo` shell with the
-following options:
-
-.. code-block:: bash
-
-   mongo --ssl --host hostname.example.com --sslPEMKeyFile /etc/ssl/client.pem --sslCAFile /etc/ssl/ca.pem
-
-On Windows and macOS
-````````````````````
-
-You can also use the ``--sslCertificateSelector`` option to specify the
-client certificate from the system certificate store instead of using
-``--sslPEMKeyFile``. If the CA file is also in the system certificate
-store, you can omit the ``--sslCAFile`` option.
-
-For example, to use a certificate with the ``CN`` (Common Name) of
-``myclient.example.net`` and the CA file from the system certificate
-store on macOS, start :binary:`~bin.mongo` with the following
-options:
-
-.. code-block:: bash
-
-   mongo --ssl  --host hostname.example.com --sslCertificateSelector subject=myclient.example.net 
-
-Avoid Use of ``--sslAllowInvalidCertificates`` Option
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. include:: /includes/extracts/ssl-facts-invalid-cert-warning-clients.rst
-
 |atlas|, |MMS| and MongoDB Ops Manager
 --------------------------------------
 
@@ -447,9 +266,9 @@ tools include:
 - :binary:`~bin.mongostat`
 - :binary:`~bin.mongotop`
 
-To use encrypted communication with these tools, use the same ``ssl`` options as
-the :binary:`~bin.mongo` shell. See :ref:`mongo-shell-ssl-connect`.
+To use encrypted communication with these tools, use the same ``tls`` options as
+:binary:`~bin.mongo`. See :ref:`mongo-shell-tls-connect`.
 
 .. seealso::
 
-   :doc:`/tutorial/configure-ssl`
+   :ref:`configure-mongod-mongos-for-tls-ssl`
diff --git a/source/tutorial/configure-ssl.txt b/source/tutorial/configure-ssl.txt
@@ -1,3 +1,5 @@
+.. _configure-mongod-mongos-for-tls-ssl:
+
 ===============================================
 Configure ``mongod`` and ``mongos`` for TLS/SSL
 ===============================================
@@ -733,7 +735,7 @@ can only use TLS/SSL connections:
    mongod --config <path/to/configuration/file>
 
 That is, clients must specify TLS/SSL connections. See
-:ref:`ssl-client-connection-only` for more information on
+:ref:`tls-client-connection-only` for more information on
 connecting with TLS/SSL.
 
 .. seealso::
@@ -846,9 +848,9 @@ its clients:
 
    mongod --config <path/to/configuration/file>
 
-That is, clients must specify TLS/SSL connections and presents its
+That is, clients must specify TLS/SSL connections and present their
 certificate key file to the instance. See
-:ref:`mongo-connect-require-client-certificates-ssl` for more
+:ref:`mongo-connect-require-client-certificates-tls` for more
 information on connecting with TLS/SSL.
 
 .. seealso::
@@ -900,7 +902,7 @@ To prevent clients with revoked certificates from connecting to the
              CAFile: /etc/ssl/caToValidateClientCertificates.pem
              CRLFile: /etc/ssl/revokedCertificates.pem
 
-      Clients who presents certificates that are listed in the
+      Clients who present certificates that are listed in the
       :file:`/etc/ssl/revokedCertificates.pem` will not be able to connect.
 
       .. seealso::
