RDoc-3427 Support Server Certificates with Server Auth EKU only - update docs

docs/server/security/authentication/certificate-configuration.mdx

@@ -59,16 +59,15 @@ RavenDB will accept `.pfx` server certificates that contain the private key, are
 and include a basic (`Key Usage`) field and an enhanced (`Enhanced Key Usage`) field.  
 
 - `Key Usage`  
-  Permissions granted by this field: **Digital Signature**, **Key Encipherment**  
+  Permissions granted by this field: **Digital Signature**
 
       ![Key Usage](./assets/cert-key-usage.png)
 
 - `Enhanced Key Usage`  
-  Permissions granted by this field: **Server Authentication**, **Client Authentication**  
+  Permissions granted by this field: **Server Authentication**
 
-      An `Enhanced Key Usage` field must include these two OIDs:  
+      An `Enhanced Key Usage` field must include this OID:  
       **1.3.6.1.5.5.7.3.1** - Server Authentication  
-      **1.3.6.1.5.5.7.3.2** - Client Authentication  
 
        ![Enhanced Key Usage](./assets/cert-enhanced-key-usage.png)
 

docs/server/security/authorization/security-clearance-and-permissions.mdx

@@ -36,10 +36,6 @@ import LanguageContent from "@site/src/components/LanguageContent";
 
 `Cluster Admin` is the highest security clearance. There are no restrictions. A `Cluster Admin` certificate has admin permissions to all databases. It also has the ability to modify the cluster itself.
 
-<Admonition type="note" title="">
-The server certificate security clearance is called `Cluster Node`. The server certificate can also be used as a client certificate, and in that case `Cluster Node` is equivalent to `Cluster Admin` in terms of permissions.
-</Admonition>
-
 The following operations are allowed **only** for `Cluster Admin` certificates:
 
 - All cluster operations

docs/server/security/common-errors-and-faq.mdx

@@ -267,7 +267,7 @@ This server requires client certificate for authentication, but none was provide
    See [trusting an existing certificate](../../server/administration/cli.mdx#trustclientcert).  
 #### If your browser runs under Windows 7 or Windows Server 2008 or older:  
 
-The first thing to try would be installing the **SERVER** certificate to the OS 
+The first thing to try would be installing the **ADMIN** certificate to the OS 
 where your server is running, closing **all instances** of the browser and restarting it.  
 
 If the issue persists, please also visit the 

docs/start/installation/setup-examples/kubernetes/azure-aks.mdx

@@ -49,8 +49,8 @@ There are many tools available online that automate the process of getting the c
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use a self-signed certificate, you must register the CA certificate in the OS. A Docker image can be created based on the RavenDB image:
 

docs/start/installation/setup-wizard.mdx

@@ -403,8 +403,8 @@ stores on all the relevant machines.
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use the setup wizard to construct a cluster, you must use the same certificate for all nodes. If you wish to use 
 a different certificate for each node, it's possible only through [manual setup](../../start/installation/manual.mdx). A wildcard 
@@ -512,8 +512,8 @@ If you are setting up a cluster, you will use this Zip file to set up each of yo
 
 RavenDB will accept `.pfx` server certificates which contain the private key, are not expired, and have the following fields:
 
-**KeyUsage**: DigitalSignature, KeyEncipherment  
-**ExtendedKeyUsage**: Client Authentication, Server Authentication
+**KeyUsage**: DigitalSignature 
+**ExtendedKeyUsage**: Server Authentication
 
 
 1. Place the `.pfx` file in a permanent location in each server/node folder.  

versioned_docs/version-5.4/server/security/authentication/certificate-configuration.mdx

@@ -59,16 +59,15 @@ RavenDB will accept `.pfx` server certificates that contain the private key, are
 and include a basic (`Key Usage`) field and an enhanced (`Enhanced Key Usage`) field.  
 
 - `Key Usage`  
-  Permissions granted by this field: **Digital Signature**, **Key Encipherment**  
+  Permissions granted by this field: **Digital Signature**
 
       ![Key Usage](./assets/cert-key-usage.png)
 
 - `Enhanced Key Usage`  
-  Permissions granted by this field: **Server Authentication**, **Client Authentication**  
+  Permissions granted by this field: **Server Authentication**
 
-      An `Enhanced Key Usage` field must include these two OIDs:  
+      An `Enhanced Key Usage` field must include this OID:  
       **1.3.6.1.5.5.7.3.1** - Server Authentication  
-      **1.3.6.1.5.5.7.3.2** - Client Authentication  
 
        ![Enhanced Key Usage](./assets/cert-enhanced-key-usage.png)
 
@@ -258,3 +257,4 @@ In all secure configurations, the `ServerUrl` must contain the same domain name
 
 
 
+

versioned_docs/version-5.4/server/security/authorization/security-clearance-and-permissions.mdx

@@ -36,10 +36,6 @@ import LanguageContent from "@site/src/components/LanguageContent";
 
 `Cluster Admin` is the highest security clearance. There are no restrictions. A `Cluster Admin` certificate has admin permissions to all databases. It also has the ability to modify the cluster itself.
 
-<Admonition type="note" title="">
-The server certificate security clearance is called `Cluster Node`. The server certificate can also be used as a client certificate, and in that case `Cluster Node` is equivalent to `Cluster Admin` in terms of permissions.
-</Admonition>
-
 The following operations are allowed **only** for `Cluster Admin` certificates:
 
 - All cluster operations

versioned_docs/version-5.4/server/security/common-errors-and-faq.mdx

@@ -267,7 +267,7 @@ This server requires client certificate for authentication, but none was provide
    See [trusting an existing certificate](../../server/administration/cli.mdx#trustclientcert).  
 #### If your browser runs under Windows 7 or Windows Server 2008 or older:  
 
-The first thing to try would be installing the **SERVER** certificate to the OS 
+The first thing to try would be installing the **ADMIN** certificate to the OS
 where your server is running, closing **all instances** of the browser and restarting it.  
 
 If the issue persists, please also visit the 

versioned_docs/version-5.4/start/installation/setup-examples/kubernetes/azure-aks.mdx

@@ -49,8 +49,8 @@ There are many tools available online that automate the process of getting the c
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use a self-signed certificate, you must register the CA certificate in the OS. A Docker image can be created based on the RavenDB image:
 

versioned_docs/version-5.4/start/installation/setup-wizard.mdx

@@ -403,8 +403,8 @@ stores on all the relevant machines.
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use the setup wizard to construct a cluster, you must use the same certificate for all nodes. If you wish to use 
 a different certificate for each node, it's possible only through [manual setup](../../start/installation/manual.mdx). A wildcard 
@@ -512,8 +512,8 @@ If you are setting up a cluster, you will use this Zip file to set up each of yo
 
 RavenDB will accept `.pfx` server certificates which contain the private key, are not expired, and have the following fields:
 
-**KeyUsage**: DigitalSignature, KeyEncipherment  
-**ExtendedKeyUsage**: Client Authentication, Server Authentication
+**KeyUsage**: DigitalSignature
+**ExtendedKeyUsage**: Server Authentication
 
 
 1. Place the `.pfx` file in a permanent location in each server/node folder.  

versioned_docs/version-6.0/server/security/authentication/certificate-configuration.mdx

@@ -58,17 +58,16 @@ See [Certificate Management](../../../server/security/authentication/certificate
 RavenDB will accept `.pfx` server certificates that contain the private key, are not expired, 
 and include a basic (`Key Usage`) field and an enhanced (`Enhanced Key Usage`) field.  
 
-- `Key Usage`  
-  Permissions granted by this field: **Digital Signature**, **Key Encipherment**  
-  
+- `Key Usage`
+  Permissions granted by this field: **Digital Signature**
+
       ![Key Usage](./assets/cert-key-usage.png)
 
-- `Enhanced Key Usage`  
-  Permissions granted by this field: **Server Authentication**, **Client Authentication**  
-
-      An `Enhanced Key Usage` field must include these two OIDs:  
-      **1.3.6.1.5.5.7.3.1** - Server Authentication  
-      **1.3.6.1.5.5.7.3.2** - Client Authentication  
+- `Enhanced Key Usage`
+  Permissions granted by this field: **Server Authentication**
+
+      An `Enhanced Key Usage` field must include this OID:
+      **1.3.6.1.5.5.7.3.1** - Server Authentication
 
        ![Enhanced Key Usage](./assets/cert-enhanced-key-usage.png)
 

versioned_docs/version-6.0/server/security/authorization/security-clearance-and-permissions.mdx

@@ -36,10 +36,6 @@ import LanguageContent from "@site/src/components/LanguageContent";
 
 `Cluster Admin` is the highest security clearance. There are no restrictions. A `Cluster Admin` certificate has admin permissions to all databases. It also has the ability to modify the cluster itself.
 
-<Admonition type="note" title="">
-The server certificate security clearance is called `Cluster Node`. The server certificate can also be used as a client certificate, and in that case `Cluster Node` is equivalent to `Cluster Admin` in terms of permissions.
-</Admonition>
-
 The following operations are allowed **only** for `Cluster Admin` certificates:
 
 - All cluster operations

versioned_docs/version-6.0/server/security/common-errors-and-faq.mdx

@@ -267,7 +267,7 @@ This server requires client certificate for authentication, but none was provide
    See [trusting an existing certificate](../../server/administration/cli.mdx#trustclientcert).  
 #### If your browser runs under Windows 7 or Windows Server 2008 or older:  
 
-The first thing to try would be installing the **SERVER** certificate to the OS 
+The first thing to try would be installing the **ADMIN** certificate to the OS
 where your server is running, closing **all instances** of the browser and restarting it.  
 
 If the issue persists, please also visit the 

versioned_docs/version-6.0/start/installation/setup-examples/kubernetes/azure-aks.mdx

@@ -49,8 +49,8 @@ There are many tools available online that automate the process of getting the c
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use a self-signed certificate, you must register the CA certificate in the OS. A Docker image can be created based on the RavenDB image:
 

versioned_docs/version-6.0/start/installation/setup-wizard.mdx

@@ -403,8 +403,8 @@ stores on all the relevant machines.
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use the setup wizard to construct a cluster, you must use the same certificate for all nodes. If you wish to use 
 a different certificate for each node, it's possible only through [manual setup](../../start/installation/manual.mdx). A wildcard 
@@ -512,8 +512,8 @@ If you are setting up a cluster, you will use this Zip file to set up each of yo
 
 RavenDB will accept `.pfx` server certificates which contain the private key, are not expired, and have the following fields:
 
-**KeyUsage**: DigitalSignature, KeyEncipherment  
-**ExtendedKeyUsage**: Client Authentication, Server Authentication
+**KeyUsage**: DigitalSignature
+**ExtendedKeyUsage**: Server Authentication
 
 
 1. Place the `.pfx` file in a permanent location in each server/node folder.  

versioned_docs/version-6.2/server/security/authentication/certificate-configuration.mdx

@@ -58,17 +58,16 @@ See [Certificate Management](../../../server/security/authentication/certificate
 RavenDB will accept `.pfx` server certificates that contain the private key, are not expired, 
 and include a basic (`Key Usage`) field and an enhanced (`Enhanced Key Usage`) field.  
 
-- `Key Usage`  
-  Permissions granted by this field: **Digital Signature**, **Key Encipherment**  
-  
+- `Key Usage`
+  Permissions granted by this field: **Digital Signature**
+
       ![Key Usage](./assets/cert-key-usage.png)
 
-- `Enhanced Key Usage`  
-  Permissions granted by this field: **Server Authentication**, **Client Authentication**  
-
-      An `Enhanced Key Usage` field must include these two OIDs:  
-      **1.3.6.1.5.5.7.3.1** - Server Authentication  
-      **1.3.6.1.5.5.7.3.2** - Client Authentication  
+- `Enhanced Key Usage`
+  Permissions granted by this field: **Server Authentication**
+
+      An `Enhanced Key Usage` field must include this OID:
+      **1.3.6.1.5.5.7.3.1** - Server Authentication
 
        ![Enhanced Key Usage](./assets/cert-enhanced-key-usage.png)
 

versioned_docs/version-6.2/server/security/authorization/security-clearance-and-permissions.mdx

@@ -36,10 +36,6 @@ import LanguageContent from "@site/src/components/LanguageContent";
 
 `Cluster Admin` is the highest security clearance. There are no restrictions. A `Cluster Admin` certificate has admin permissions to all databases. It also has the ability to modify the cluster itself.
 
-<Admonition type="note" title="">
-The server certificate security clearance is called `Cluster Node`. The server certificate can also be used as a client certificate, and in that case `Cluster Node` is equivalent to `Cluster Admin` in terms of permissions.
-</Admonition>
-
 The following operations are allowed **only** for `Cluster Admin` certificates:
 
 - All cluster operations

versioned_docs/version-6.2/server/security/common-errors-and-faq.mdx

@@ -267,7 +267,7 @@ This server requires client certificate for authentication, but none was provide
    See [trusting an existing certificate](../../server/administration/cli.mdx#trustclientcert).  
 #### If your browser runs under Windows 7 or Windows Server 2008 or older:  
 
-The first thing to try would be installing the **SERVER** certificate to the OS 
+The first thing to try would be installing the **ADMIN** certificate to the OS
 where your server is running, closing **all instances** of the browser and restarting it.  
 
 If the issue persists, please also visit the 

versioned_docs/version-6.2/start/installation/setup-examples/kubernetes/azure-aks.mdx

@@ -49,8 +49,8 @@ There are many tools available online that automate the process of getting the c
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use a self-signed certificate, you must register the CA certificate in the OS. A Docker image can be created based on the RavenDB image:
 

versioned_docs/version-6.2/start/installation/setup-wizard.mdx

@@ -403,8 +403,8 @@ stores on all the relevant machines.
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use the setup wizard to construct a cluster, you must use the same certificate for all nodes. If you wish to use 
 a different certificate for each node, it's possible only through [manual setup](../../start/installation/manual.mdx). A wildcard 
@@ -512,8 +512,8 @@ If you are setting up a cluster, you will use this Zip file to set up each of yo
 
 RavenDB will accept `.pfx` server certificates which contain the private key, are not expired, and have the following fields:
 
-**KeyUsage**: DigitalSignature, KeyEncipherment  
-**ExtendedKeyUsage**: Client Authentication, Server Authentication
+**KeyUsage**: DigitalSignature
+**ExtendedKeyUsage**: Server Authentication
 
 
 1. Place the `.pfx` file in a permanent location in each server/node folder.  

versioned_docs/version-7.0/server/security/authentication/certificate-configuration.mdx

@@ -58,17 +58,16 @@ See [Certificate Management](../../../server/security/authentication/certificate
 RavenDB will accept `.pfx` server certificates that contain the private key, are not expired, 
 and include a basic (`Key Usage`) field and an enhanced (`Enhanced Key Usage`) field.  
 
-- `Key Usage`  
-  Permissions granted by this field: **Digital Signature**, **Key Encipherment**  
-  
+- `Key Usage`
+  Permissions granted by this field: **Digital Signature**
+
       ![Key Usage](./assets/cert-key-usage.png)
 
-- `Enhanced Key Usage`  
-  Permissions granted by this field: **Server Authentication**, **Client Authentication**  
-
-      An `Enhanced Key Usage` field must include these two OIDs:  
-      **1.3.6.1.5.5.7.3.1** - Server Authentication  
-      **1.3.6.1.5.5.7.3.2** - Client Authentication  
+- `Enhanced Key Usage`
+  Permissions granted by this field: **Server Authentication**
+
+      An `Enhanced Key Usage` field must include this OID:
+      **1.3.6.1.5.5.7.3.1** - Server Authentication
 
        ![Enhanced Key Usage](./assets/cert-enhanced-key-usage.png)
 

versioned_docs/version-7.0/server/security/authorization/security-clearance-and-permissions.mdx

@@ -36,10 +36,6 @@ import LanguageContent from "@site/src/components/LanguageContent";
 
 `Cluster Admin` is the highest security clearance. There are no restrictions. A `Cluster Admin` certificate has admin permissions to all databases. It also has the ability to modify the cluster itself.
 
-<Admonition type="note" title="">
-The server certificate security clearance is called `Cluster Node`. The server certificate can also be used as a client certificate, and in that case `Cluster Node` is equivalent to `Cluster Admin` in terms of permissions.
-</Admonition>
-
 The following operations are allowed **only** for `Cluster Admin` certificates:
 
 - All cluster operations

versioned_docs/version-7.0/server/security/common-errors-and-faq.mdx

@@ -267,7 +267,7 @@ This server requires client certificate for authentication, but none was provide
    See [trusting an existing certificate](../../server/administration/cli.mdx#trustclientcert).  
 #### If your browser runs under Windows 7 or Windows Server 2008 or older:  
 
-The first thing to try would be installing the **SERVER** certificate to the OS 
+The first thing to try would be installing the **ADMIN** certificate to the OS
 where your server is running, closing **all instances** of the browser and restarting it.  
 
 If the issue persists, please also visit the 

versioned_docs/version-7.0/start/installation/setup-examples/kubernetes/azure-aks.mdx

@@ -49,8 +49,8 @@ There are many tools available online that automate the process of getting the c
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use a self-signed certificate, you must register the CA certificate in the OS. A Docker image can be created based on the RavenDB image:
 

versioned_docs/version-7.0/start/installation/setup-wizard.mdx

@@ -403,8 +403,8 @@ stores on all the relevant machines.
 
 RavenDB will accept PFX server certificates which contain the private key, are not expired, and have the following fields:
 
-- KeyUsage: DigitalSignature, KeyEncipherment
-- ExtendedKeyUsage: Client Authentication, Server Authentication
+- KeyUsage: DigitalSignature
+- ExtendedKeyUsage: Server Authentication
 
 If you wish to use the setup wizard to construct a cluster, you must use the same certificate for all nodes. If you wish to use 
 a different certificate for each node, it's possible only through [manual setup](../../start/installation/manual.mdx). A wildcard 
@@ -512,8 +512,8 @@ If you are setting up a cluster, you will use this Zip file to set up each of yo
 
 RavenDB will accept `.pfx` server certificates which contain the private key, are not expired, and have the following fields:
 
-**KeyUsage**: DigitalSignature, KeyEncipherment  
-**ExtendedKeyUsage**: Client Authentication, Server Authentication
+**KeyUsage**: DigitalSignature
+**ExtendedKeyUsage**: Server Authentication
 
 
 1. Place the `.pfx` file in a permanent location in each server/node folder.