Enabling SSL Communication over XDQP
To enable encrypted SSL communication between hosts in the group, set xdqp ssl enabled to true. All communications to and from hosts in the group will be secured, even if the other end of the socket is in a group that does not have SSL enabled.
The SSL keys and certificates used by the hosts are automatically generated when you install or upgrade MarkLogic Server. No outside authority is used to sign certificates used between servers communicating over the internal XDQP connections in a cluster. Such certificates are self-signed and trusted by each server in the cluster.
For details on configuring SSL communication between web browsers and App Servers, see Configuring SSL on App Servers in Securing MarkLogic Server. For details on configuring FIPS 140-2 mode for SSL communication, see OpenSSL FIPS 140-2 Mode.
This image shows the options related to configuring SSL for intra-cluster XDQP communication:
