Enabling SSL Communication over XDQP
This image shows the options related to configuring SSL for intra-cluster XDQP communication on the Groups screen:
To enable encrypted SSL communication between hosts in the group, on the Group screen, set Xdqp Ssl Enabled to
true. All communications to and from hosts in the group will be secured--even if the other end of the socket is in a group that does not have SSL enabled.The SSL keys and certificates used by the hosts are automatically generated when you install or upgrade MarkLogic Server. No outside authority signs the certificates used between hosts communicating over the internal XDQP connections in a cluster. Such certificates are self-signed and trusted by each host in the cluster. See Keeping XDQP Certificates Up to Date to keep these certificates up to date.
Note
If you are enabling this feature well after initially installing MarkLogic Server, use the first API described in Keeping XDQP Certificates Up to Date to make sure all certificates are valid.
For details on configuring SSL communication between web browsers and App Servers, see Configuring SSL on App Servers in Securing MarkLogic Server. For details on configuring FIPS 140-2 mode for SSL communication, see OpenSSL FIPS 140-2 Mode.