CA Certificate (User Cert Signer) Import from Admin Interface
To allow MarkLogic Server to accept the Certificate presented by a user, MarkLogic Server needs a Certificate Authority (CA) to sign the user certificate installed into MarkLogic Server.
Install a CA certificate used to sign the demoUser1 certificate in the Admin Interface, as follows.
Click Security in the left tree menu.
Click Certificate Authorities on the left tree menu.
Click the Import tab and import a certificate, such as this one:
Example CA certificate:
Certificate: Data: Version: 3 (0x2) Serial Number: 9774683164744115905 (0x87a6a68cc29066c1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=CA, L=San Carlos, O=MarkLogic Corp., OU=Engineering, CN=MarkLogic DemoCA Validity Not Before: Jul 11 02:53:18 2017 GMT Not After : Jul 6 02:53:18 2037 GMT Subject: C=US, ST=CA, L=San Carlos, O=MarkLogic Corp., OU=Engineering, CN=MarkLogic DemoCA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: ...................... Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: D9:45:B9:9A:DC:93:7B:DB:47:07:C6:96:63:57:13:A7:A8 :F1:D0:C8 X509v3 Authority Key Identifier: keyid:D9:45:B9:9A:DC:93:7B:DB:47:07:C6:96:63:57:13 :A7:A8:F1:D0:C8 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption