Loading TOC...

admin:appserver-set-ssl-client-certificate-authorities

admin:appserver-set-ssl-client-certificate-authorities(
   $config as element(configuration),
   $appserver-id as xs:unsignedLong,
   $value as xs:unsignedLong*
) as element(configuration)

Summary

This function sets one or more client certificate authorities that sign client certificates for the specified App Server. This function is typically used along with the pki:insert-trusted-certificates and pki:get-trusted-certificate-ids functions to import trusted Certificate Authorities for client certificates.

Parameters
config A configuration specification, typically as returned from one of the Admin module functions.
appserver-id The ID of the App Server. Typically, this is the result of an admin:appserver-get-id call.
value One or more ids for trusted certificates generated by the certificate authority to be set.

Required Privileges

This operation requires at least one of the following privileges:

http://marklogic.com/xdmp/privileges/admin/app-server-security

http://marklogic.com/xdmp/privileges/admin/app-server-security/{id}

http://marklogic.com/xdmp/privileges/admin/group-security

http://marklogic.com/xdmp/privileges/admin/group-security/{id}

Example


  xquery version "1.0-ml";

  import module namespace pki = "http://marklogic.com/xdmp/pki"
        at "/MarkLogic/pki.xqy";
  import module namespace admin = "http://marklogic.com/xdmp/admin"
  at "/MarkLogic/admin.xqy";

  declare namespace x509 = "http://marklogic.com/xdmp/x509";

  let $config := admin:get-configuration()
  let $groupid := admin:group-get-id($config, "Default")
  let $appservid := admin:appserver-get-id($config, $groupid, "myAppServer")

  let $cert-id :=
    for $cert in pki:get-certificates(pki:get-trusted-certificate-ids())
      where $cert/x509:cert/x509:subject/x509:commonName eq "Acme Certificate Authority" and
            $cert/x509:cert/x509:subject/x509:organizationName eq "Acme Corporation"
    return
      fn:data($cert/pki:certificate-id)

  return
    admin:appserver-set-ssl-client-certificate-authorities(
	$config,
        $appservid,
	$cert-id)

  (: Locates the trusted certificates from the Certificate Authority, "Acme
     Corporation," with the common name of "Acme Certificate Authority" and
     adds the Certificate Authority to the list of Client Certificate Authorities
     for the App Server, "myAppServer." Use admin:save-configuration to save the
     changes to the configuration or pass the configuration to other Admin API
     functions to make other changes.:)
     

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.