-
Create a key and certificate for the node server
-
Copy the certificate and key to the root of the project
-
Edit local.json or <env>.json file
-
Set "nodeJsCertificate" to the filename of the certificate created on step 1
"nodeJsCertificate": "<filename-of-certificate>"
-
Set "nodeJsPrivateKey" to the filename of the key created on step 1
"nodeJsPrivateKey": "<filename-of-private-key>"
Example:
{ "app-name": "slush-https", "ml-version": "8", "ml-host": "localhost", "ml-admin-user": "admin", "ml-admin-pass": "admin", "ml-app-user": "slush-https-user", "ml-app-pass": "2jr>5m9m;+#$tB$()", "ml-http-port": "55540", "node-port": "55570", "guest-access": "false", "disallow-updates": "false", "appusers-only": "false", "nodeJsCertificate": "server.crt", "nodeJsPrivateKey": "server.key" } -
-
Run node
$ gulp serve-local
-
Enable SSL on MarkLogic (skip if App Server is already in HTTPS)
See "How to enable HTTPS in MarkLogic App Server using Roxy?" below.
-
Download MarkLogic App Server Certificate
From the management console:
-
Click on 'Configure'
-
Click on 'Security'
-
Click on 'Certificate Templates'
-
Under the 'Summary' page on right, click on the match to the "ssl-certificate-template"
-
Click on the 'Status' tab
-
Click 'Download' button
-
Copy the file in the root of the project
-
-
Edit local.json or <env>.json
-
If using self signed certificate set "httpsStrict" this to false
"httpsStrict": "false"
-
Set the value of "mlCertificate" to the MarkLogic Certificate created in Step 2
"mlCertificate": "certificate-ml.crt"
Example:
{ "app-name": "slush-https", "ml-version": "8", "ml-host": "localhost", "ml-admin-user": "admin", "ml-admin-pass": "admin", "ml-app-user": "slush-https-user", "ml-app-pass": "2jr>5m9m;+#$tB$()", "ml-http-port": "55540", "node-port": "55570", "guest-access": "false", "disallow-updates": "false", "appusers-only": "false", "httpsStrict": "false", "mlCertificate": "certificate-ml.crt" }-
Run node
$ gulp serve-local
-
-
Uncomment and fill up the following in build.properties or create and fillup in local.properties or .properties file
ssl-certificate-template= ssl-certificate-countryName= ssl-certificate-stateOrProvinceName= ssl-certificate-localityName= ssl-certificate-organizationName= ssl-certificate-organizationalUnitName= ssl-certificate-emailAddress=
Example:
ssl-certificate-template=sample-template ssl-certificate-countryName=PH ssl-certificate-stateOrProvinceName=NCR ssl-certificate-localityName=Mandaluyong City ssl-certificate-organizationName=MarkLogic Philippines ssl-certificate-organizationalUnitName=Vanguard ssl-certificate-emailAddress=sample.sample@marklogic.com
-
Uncomment ssl-certificate-template from ml-config.xml
<ssl-certificate-template>@ml.ssl-certificate-template</ssl-certificate-template>
-
Bootstrap to create and enable certificate
$ ./ml local bootstrap -
Verify ML App server setting
From the management console (usually http://localhost:8001):
-
Click on 'Configure'
-
Click on 'Groups'
-
Under the App Servers click on the specific app server you created
-
Scroll down to the bottom of the page
-
"ssl certificate template"should be set to the "ssl-certificate-template" from Step 1 -
"ssl require client certificate"should betrue
-
####Note:
To create a template, uncomment at least ssl-certificate-template (ml-config.xml),
ssl-certificate-countryName (<env>.properties), and ssl-certificate-oranizationName (<env>.properties)
Out of the box, roxy cannot deploy server side code while SSL is enabled in ML.
You have to disable HTTPS first before doing a deploy.
Refer to "How to disable HTTPS in MarkLogic App Server?" below.
From the management console:
-
Click on "Configure"
-
Click on "Groups"
-
Under the "App Servers" click on the specific app server you created
-
Scroll down to the bottom of the page
-
Set
"ssl certificate template"to"none" -
Click "ok" button