Skip to main content

Securing MarkLogic Server

Using an Alternative PKCS #11 Device

MarkLogic Server uses SoftHSM as its default hardware security module (HSM). This section describes the process of setting up an alternate hardware security module if you want to use a PKCS #11 HSM (or any other PKCS #11-compliant HSM) by following these steps before starting MarkLogic Server for the first time.

Note

This process will only work on a clean data directory with a first time install.

  1. The PKCS#11 devices must not be initialized, and no PIN should be set, MarkLogic Server will initialize it and set a PIN.

  2. Set environment variable=MARKLOGIC_P11_DRIVER_PATH to the PKCS#11 library you want to use.

  3. Start MarkLogic Server for the first time.

  4. Verify no error messages are logged during startup.

In this section: