Loading TOC...

admin:appserver-set-ssl-client-issuer-authority-verification

admin:appserver-set-ssl-client-issuer-authority-verification(
   $config as element(configuration),
   $appserver-id as xs:unsignedLong,
   $value as xs:boolean
) as element(configuration)

Summary

This function determines whether the App Server only accepts client certificates signed directly by a selected CA in the Admin Interface or client certificates that have a parent CA that is indirectly signed by one or more ancestor CAs selected in the Admin Interface (same as prior to MarkLogic 9.0-8).

Parameters
config A configuration specification, typically as returned from one of the Admin module functions.
appserver-id The ID of the App Server. Typically, this is the result of an admin:appserver-get-id call.
value Set to fn:true() to make the App Server only accept client certificates signed directly by a selected CA in the Admin Interface. Set to fn:false() to make the App Server accept client certificates that have a parent signer, along with all of its ancestor signers selected in the Admin Interface (same as prior to MarkLogic 9.0-8).

Required Privileges

This operation requires at least one of the following privileges:

http://marklogic.com/xdmp/privileges/admin/app-server-security

http://marklogic.com/xdmp/privileges/admin/app-server-security/{id}

http://marklogic.com/xdmp/privileges/admin/group-security

http://marklogic.com/xdmp/privileges/admin/group-security/{id}

Example



  xquery version "1.0-ml"; 
 
  import module namespace admin = "http://marklogic.com/xdmp/admin" 
      at "/MarkLogic/admin.xqy";

  let $config := admin:get-configuration()
  return
  admin:appserver-get-ssl-client-issuer-authority-verification(
                   $config, 
                   admin:appserver-get-id($config, (), "myAppServer"),
                   fn:true()) 
    

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.