Skip to main content

What's New in MarkLogic 11

Array Type is Preserved in x509 Certificate with Array-Valued Properties

In MarkLogic 9.0-1, if you use xdmp.x509CertificateGenerate to generate a certificate, and the configuration object includes array-valued properties, the array values were encoded as a single string. As of MarkLogic 9.0-2, the array type is preserved. This change applies to any Relative Distinguished Names (RDNs) within a Distinguished Name (DN), such as the issuer and subject DNs.

For example, in the following snippet, the issuer.organizationName property has an array value.

var certObj = {
  version: "2",
  serialNumber: "BA0195369CD6B679",
  issuer: {
    countryName: "US",
    stateOrProvinceName: "CA",
    localityName: "San Carlos",
    organizationName: ["MarkLogic", "Mark Logic"],
    organizationalUnitName: "Eng",
    emailAddress: "jdonner@marklogic.com",
    commonName: "JGD Certificate Authority",
  },...
};
var privateKey = ...;
xdmp.x509CertificatExtract(
  xdmp.x509CertificateGenerate(certObj, privateKey)
);

If you round trip the generated certificate through xdmp.x509CertificateExtract, you will see the following output for issuer.organizationName in MarkLogic 9.0-1 vs. MarkLogic 9.0-2.

// Marklogic 9.0-1
organizationName: "[\"MarkLogic\", \"Mark Logic\"]"
// MarkLogic 9.0-2 and later
organizationName: ["MarkLogic", "Mark Logic"]

If you do not have a certificate containing a multi-valued property, you will not notice any difference in behavior.

In this section: