Skip to main content

Securing MarkLogic Server

Creating a MarkLogic Server User with an Internal Name

To configure certificate-based user authentication for user, demoUser1, as a MarkLogic Server internal user, follow these steps in the Admin Interface:

  1. Click Security in the left tree menu.

  2. Under Security, click Users.

  3. Click the Create tab. The User Configuration page appears.

  4. In the User Name field, enter the user name as it appears in the CN value of the certificate Subject field (demoUser1 in the example shown in User Certificate Example)

  5. Enter and confirm a password.

  6. Click OK.

  7. Next, change the app server configuration. At the top of the left tree menu, click Server.

  8. Under the Summary tab, and the App Servers heading, click the name of the app server.

    Admin Interface Screenshot illustrating where to click the name of the app server

  9. On the Configure tab, set the Authentication field to Certificate.

  10. Set Internal Security to true.

  11. If you do not wish to have the user authenticated as an external user, be sure that External Securities are set to None,

  12. Scroll down to the bottom of the page and in the Ssl Client Certificate Authorities section, click Show.

    Admin Interface Screenshot illustrating the location of [Show] near the bottom of the app server configuration page

  13. Select the certificate authority created in CA Certificate (User Cert Signer) Import from Admin Interface to sign the client/user certificate.

  14. Click OK.

Once configured, demoUser1 is now able to access the app server with a browser that has the user certificate installed, as described in Certificate Template & Template CA Import into Client (Browser/SSL Client).

Note

You will also need to assign the necessary roles to demoUser1 to access the needed MarkLogic Server resources.

In this section: