1

I have a query regarding the private key of an SSL certificate generated via MarkLogic. I created the CSR file via MarkLogic "Certificate Templates", downloaded it, sent it for signing and got the signed certificate back. I imported the signed certificate into MarkLogic; it accepted the signed certificate and is running on HTTPS. In this entire process, the private key is never generated.

Now, I need to use the same SSL certificate on the same server for the Node.js application which is being designed for MarkLogic. My Node.js app and MarkLogic are on the same server. To use the SSL certificate with Node.js, I need to know the private key, which I never received/created. Generally, when we use OpenSSL, we create a private key, which never got created via MarkLogic.

Please help me in knowing if I missed anything. How can I find the private key?

The screenshot below is of the certificate created via the MarkLogic template.

Any help would be much appreciated. Thanks in advance!

Gavin Wong
MarsTelnet

2 Answers

1

https://docs.marklogic.com/sec:credential-get-private-key

This function returns the private key for a credential, if it exists.

Usage Notes: This function must be executed against the security database.

xquery version "1.0-ml"; 
 
import module namespace sec = "http://marklogic.com/xdmp/security" 
      at "/MarkLogic/security.xqy";
 
sec:credential-get-private-key("my-secure-credential")

You can always generate your CSR outside of MarkLogic using OpenSSL and then import the signed cert, rather than generating with MarkLogic.

https://help.marklogic.com/Knowledgebase/Article/View/297/0/import-pre-signed-certificate-and-key-for-marklogic-https-app-server

Mads Hansen
  • Thanks for the quick reply. Let me test. – MarsTelnet Jul 16 '20 at 16:36
  • The function above needs the credentials of the private key. In my case, it never got generated so I don't have credentials. Please refer to the following link: https://help.marklogic.com/Knowledgebase/Article/View/202#:~:text=1.,out%20of%20date%20certificate%20case. I followed it step by step. The private key is never generated. However, the CSR is generated. To my knowledge, a CSR cannot be generated without a private key. So, I am assuming that MarkLogic is storing the private key somewhere in the security database. – MarsTelnet Jul 17 '20 at 04:27
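
The OpenSSL route mentioned in the answer above, as an added example that is not part of the original answer: the private key is created outside MarkLogic, so it exists as a file, and is checked against the CSR and the returned certificate before use. The file names, the CN and the self-signing step (a stand-in for the CA) are assumptions.

```bash
#!/usr/bin/env bash
# Added example. File names, the CN and the self-signed "CA" step are constructed
# stand-ins; in the real flow the CSR goes to your CA and the signed cert comes back.

# Print the PEM public key contained in a private key, CSR or certificate.
pubkey_of() {  # $1 = key|csr|cert, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    *)    return 2 ;;
  esac 2>/dev/null
}

# Succeed only if the private key in $1 belongs to the CSR or cert in $3.
key_matches() {  # $1 = private key file, $2 = csr|cert, $3 = file
  local a b
  a=$(pubkey_of key "$1") || return 2    # unreadable or missing key
  b=$(pubkey_of "$2" "$3") || return 2   # unreadable or missing CSR/cert
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Create an RSA private key (owner-readable only) and a CSR for it.
make_key_and_csr() {  # $1 = output dir, $2 = common name
  ( umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/server.key" 2>/dev/null ) &&
  openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr"
}

# Stand-in for the CA: self-sign the CSR so the example runs offline.
fake_ca_sign() {  # $1 = dir holding server.key and server.csr
  openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
    -days 30 -out "$1/server.crt" 2>/dev/null
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_key_and_csr "$d" "ml.example.test" && fake_ca_sign "$d" &&
  key_matches "$d/server.key" csr  "$d/server.csr" &&
  key_matches "$d/server.key" cert "$d/server.crt" &&
  echo "private key matches both the CSR and the certificate"
  local rc=$?; rm -rf "$d"; return $rc
}
demo
```

The resulting `server.key` and `server.crt` are the PEM files passed as `key` and `cert` to Node.js's `https.createServer`.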
0

Eventually, I figured out the best way to do it. Refer to the following link.

https://help.marklogic.com/Knowledgebase/Article/View/using-keystore-explorer-to-generate-ca-root-and-end-user-ssl-certificates-for-marklogic-server

  1. Generate your own certificate using the KeyStore Explorer tool (http://keystore-explorer.org/) as mentioned in the above link.
  2. Create your own private key.
  3. Get your certificate signed.
  4. Import the signed certificate into MarkLogic and use the private key created in step 2.

This worked for me. Thanks.

MarsTelnet