I’m attempting to make an API call using xdmp:http-get and having a problem
with the SSL certificate verification. Here’s the code I’m using:
    let $accountInfo := xdmp:http-get($baseURI,
      <options xmlns="xdmp:http">
        <authentication method="basic">
          <username>username</username>
          <password>password</password>
        </authentication>
        <verify-cert>true</verify-cert>
      </options>)
And here’s the error message I get:
System ID: /Users/xyz/Documents/Digital objects/api
testing/get_account_test.xquery
Severity: error
Description: SVC-SOCCONN:
xdmp:http-get("https://api-publisher.cdn-provider.com<https://api-publisher.mirror-image.com/v5/>",
<options xmlns="xdmp:http"><authentication
method="basic"><username>xxx</username><passwor...</options>) -- Socket connect
error: SSL_connect 172.16.12.139:52345-104.131.189.21:443: certificate verify
failed (0x14090086)
Start location: 13:0
We’ve verified that the certificates are configured properly and are valid and
that the call isn’t being blocked by our firewall (the trace showed the
connection reaching from the firewall to the IP address).
In addition, when we tried to replicate the call through other tools (including
Postman and Python’s Requests module), we were able to make the call without
errors.
Finally, if I set verify-cert to false, the call goes through just fine and we
can hit endpoints in the external API cleanly.
It seems pretty clear that if we want to verify a certificate via the
xdmp:http-get() call, then there must be some configuration within MarkLogic
that needs to be set up to verify the cert.
I’ve checked the Administrator’s Guide and read the “Configuring SSL on App
Servers” section, but in this case we’re not trying to configure SSL on a
MarkLogic App Server; we’re calling an external API and trying to verify the
external cert so that we can securely access the API endpoints.
My questions are:
1. Am I missing documentation somewhere for configuring MarkLogic to verify
external certs?
2. Has anyone tried this? If so, how did you manage it?
We’re running MarkLogic 8.0-3.2.
Thanks,
Rob
Robert Chavez | Senior Content Solutions Architect | NEJM Group
860 Winter Street, Waltham, MA 02451 | 781-434-7537 |
[email protected]