Securing MarkLogic Server

Enabling SSL for an App Server

After creating a certificate template, you can enable SSL for an HTTP, ODBC, WebDAV, or XDBC server.

  1. Click the Groups icon in the left tree menu.

  2. Click the group in which you want to define the HTTP server (for example, Default).

  3. Click the App Servers icon on the left tree menu.

  4. Either create a new server by clicking on one of the Create server_type tabs or select an existing server from the left tree menu.

    The SSL fields are located at the bottom of the server specification page.

  5. In the SSL Certificate Template field, select the certificate template you created in Creating a Certificate Template. Selecting a certificate template implicitly enables SSL for the app server.

  6. (Optional) The SSL Hostname field should only be filled in when a proxy or load balancer is used to represent multiple servers. In this case, you can specify an SSL hostname here and all instances of the application server will identify themselves as that host.

  7. (Optional) In the SSL Ciphers field, you can either use the default (ALL:!LOW:@STRENGTH) or one or more of the SSL ciphers defined in https://www.openssl.org/docs/man1.0.2/man1/ciphers.html.

  8. (Optional) If you want SSL to require clients to provide a certificate, select True for SSL Require Client Certificate. Then select Show under SSL Client Certificate Authorities and choose which certificate authority is to be used to sign client certificates for the server.

  9. (Optional) Set SSL Client Issuer Authority Verification to True to ensure that the app server accepts only client certificates signed directly by a selected CA from the SSL Client Certificate Authorities list. A setting of False enables the app server to accept client certificates that have a parent CA that is indirectly signed by one or more ancestor CAs selected in the Admin Interface (the same behavior as prior to MarkLogic Server 9.0-8).
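
The following is an added example, not part of the MarkLogic documentation: a Python script that expands the default SSL Ciphers value from step 7 with the local OpenSSL build and flags suites that use anonymous authentication, lack forward secrecy, or rely on weak encryption or MD5/SHA1 MACs. It assumes the local OpenSSL is comparable to the one MarkLogic uses, so the listing is an approximation; `EXAMPLE_SPEC` is a constructed comparison value, not a MarkLogic recommendation.

```python
import re
import ssl

DEFAULT_SPEC = "ALL:!LOW:@STRENGTH"  # default shown in the SSL Ciphers field
EXAMPLE_SPEC = "ECDHE+AESGCM"        # constructed comparison value (assumption)

# Key-exchange labels OpenSSL prints for ephemeral (forward-secret) exchanges.
FS_KX = {"ECDH", "DH", "any", "ECDHEPSK", "DHEPSK"}
WEAK_ENC = ("RC4", "3DES", "DES", "RC2", "IDEA", "SEED", "None")


def classify(description):
    """Return the set of concerns for one `openssl ciphers -v` style line."""
    fields = dict(re.findall(r"(Kx|Au|Enc|Mac)=(\S+)", description))
    concerns = set()
    if fields.get("Au") == "None":
        concerns.add("anonymous")            # server is not authenticated
    if fields.get("Kx") not in FS_KX:
        concerns.add("no-forward-secrecy")   # static RSA/DH/PSK key exchange
    if fields.get("Enc", "").startswith(WEAK_ENC):
        concerns.add("weak-encryption")
    if fields.get("Mac") in ("MD5", "SHA1"):
        concerns.add("legacy-mac")           # non-AEAD suite with an old MAC
    return concerns


def audit(spec):
    """Expand a cipher string with the local OpenSSL and classify each suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)  # raises ssl.SSLError if the string selects nothing
    suites = ctx.get_ciphers()
    flagged = {}
    for suite in suites:
        concerns = classify(suite["description"])
        if concerns:
            flagged[suite["name"]] = sorted(concerns)
    return {"suites": [s["name"] for s in suites], "flagged": flagged}


if __name__ == "__main__":
    for spec in (DEFAULT_SPEC, EXAMPLE_SPEC):
        result = audit(spec)
        print(f"{spec}: {len(result['suites'])} suites, "
              f"{len(result['flagged'])} flagged")
        for name, concerns in result["flagged"].items():
            print(f"  {name}: {', '.join(concerns)}")
```

TLS 1.3 suites appear in both listings because OpenSSL configures them separately from this cipher string.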