admin.appserverSetSslClientCertificateAuthorities( config as element(configuration), appserver-id as (Number|String), value as (Number|String)[] ) as element(configuration)
This function sets one or more client certificate authorities that sign
client certificates for the specified App Server. This function is typically used along with
the pki:insert-trusted-certificates
and pki:get-trusted-certificate-ids
functions to import trusted Certificate Authorities for client certificates.
http://marklogic.com/xdmp/privileges/admin/app-server-security
http://marklogic.com/xdmp/privileges/admin/app-server-security/{id}
http://marklogic.com/xdmp/privileges/admin/group-security
http://marklogic.com/xdmp/privileges/admin/group-security/{id}
xquery version "1.0-ml"; import module namespace pki = "http://marklogic.com/xdmp/pki" at "/MarkLogic/pki.xqy"; import module namespace admin = "http://marklogic.com/xdmp/admin" at "/MarkLogic/admin.xqy"; declare namespace x509 = "http://marklogic.com/xdmp/x509"; let $config := admin:get-configuration() let $groupid := admin:group-get-id($config, "Default") let $appservid := admin:appserver-get-id($config, $groupid, "myAppServer") let $cert-id := for $cert in pki:get-certificates(pki:get-trusted-certificate-ids()) where $cert/x509:cert/x509:subject/x509:commonName eq "Acme Certificate Authority" and $cert/x509:cert/x509:subject/x509:organizationName eq "Acme Corporation" return fn:data($cert/pki:certificate-id) return admin:appserver-set-ssl-client-certificate-authorities( $config, $appservid, $cert-id) (: Locates the trusted certificates from the Certificate Authority, "Acme Corporation," with the common name of "Acme Certificate Authority" and adds the Certificate Authority to the list of Client Certificate Authorities for the App Server, "myAppServer." Use admin:save-configuration to save the changes to the configuration or pass the configuration to other Admin API functions to make other changes.:)
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.