Steps to renew SSL certificates for MarkLogic
16 February 2021 03:40 PM
When an SSL certificate is expired or out of date, it is necessary to renew the SSL certificates applied to a MarkLogic application server.
The following general steps are required to apply an SSL certificate.
Before proceeding, please note that you don't need to create a new template to renew an expired certificate as the existing template will work.
1. Creating a certificate request - A fresh csr can be generated from the MarkLogic Admin UI by navigating to Security -> Certificate Templates -> click [your_template] -> click the request tab -> Select radio button applicable for an expired/out of date certificate case. For additional information, refer to the Generating and Downloading Certificate Requests section of our Security Guide.
2. Download and send to certificate authority - The certificate template status page will display the newly generated request. You can download it and send it to your certificate authority for signing.
3. Import signed certificate into MarkLogic - After receiving the signed certificate back from the certificate authority, you can import it from our Admin UI by navigating to Security-> Certificate Templates -> click [your_template] -> Import tab. For additional information, refer to the Importing a Signed Certificate into MarkLogic Server section of our Security Guide.
4. Verify - To verify whether the certificate has been renewed, please look at the summary of your certificate authority. The newly added certificate should appear in certificate authority. Detailed instructions for this are available at Viewing Trusted Certificate Authorities.
If you are not able to view the certificate authority, then you may need to add the certificate as if it is a new CA. This can happen as if there was a change in CA certificate chain.