CA Certificate (User Cert Signer) Import from Admin Interface
To allow MarkLogic Server to accept the certificate presented by a user, MarkLogic Server needs a Certificate Authority (CA) to sign the user certificate installed into MarkLogic Server. You can install a CA Certificate (below) to be used to sign demoUser1
Cert through the Admin Interface.
Click Configure in the left tree menu of the Admin Interface, then click Security to expand the options. Click Certificate Authorities, and then click the Import tab.
Paste this text for the trusted certificate into the field:
$ openssl x509 -in CACert.pem -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 9774683164744115905 (0x87a6a68cc29066c1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=NY, L=New York, O=MarkLogic Corporation, OU=Engineering, CN=MarkLogic DemoCA Validity Not Before: Jul 11 02:53:18 2017 GMT Not After : Jul 6 02:53:18 2037 GMT Subject: C=US, ST=NY, L=New York, O=MarkLogic Corporation, OU=Engineering, CN=MarkLogic DemoCA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: ...................... Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: D9:45:B9:9A:DC:93:7B:DB:47:07:C6:96:63:57:13:A7:A8:F1:D0:C8 X509v3 Authority Key Identifier: keyid:D9:45:B9:9A:DC:93:7B:DB:47:07:C6:96:63:57:13:A7:A8:F1:D0:C8 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption