[MarkLogic Dev General] Secure Application-to-Application communication

semerau at hotmail.com semerau at hotmail.com
Sat Mar 17 17:42:52 PDT 2012

I am looking to set up web services on an app server in one MarkLogic cluster that will be called by another app server in a different MarkLogic cluster. I would like to set it up so that the servers are configured to only accept connections from each other.

The connections will not be ad hoc so I would prefer to install certs or public keys for all apps on all the clusters. I would rather not have to log into the remote cluster all the time but let the servers trust the connections to the other servers, and let each server handle its own user authentication, but yet have a trusted connection to remote servers.

The communication will be going "out in the wild" so I can't secure the networking connection (as with a VPN) between the servers so I'll need to use SSL for the protocol. This does not need to be an extremely fast connection because it's more of a command and control scenario, and each cluster will operate independently from each other and just periodically pass data and commands back and forth. The web service is what exposes the interaction between them, and not anything lower level like data replication.

So my questions are:

1. How do I set up one App Server (listening for web service requests) to only accept requests from previously configured remote clients and which are using the correct certs\keys?

2. How do I code the client side call in XQuery to pass the appropriate certs\key info to the other server and reject the connection if the server has the wrong certs\keys?

I know how to set up SSL on a server when a browser is involved, but I'm not real clear how to do this when another MarkLogic app server is involved as the client. I tried setting something up but both the server and client seem to accept any connection and any certs so I don't think I'm doing it securely enough.
