You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/configuration.md
+13-4Lines changed: 13 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -34,6 +34,10 @@ These options define how the connector connects and authenticates with MarkLogic
34
34
| spark.marklogic.client.saml.token | Required for `saml` authentication. |
35
35
| spark.marklogic.client.sslEnabled | If 'true', an SSL connection is created using the JVM's default SSL context.
36
36
| spark.marklogic.client.sslHostnameVerifier | Either `any`, `common`, or `strict`; see the [MarkLogic Java Client documentation](https://docs.marklogic.com/javadoc/client/com/marklogic/client/DatabaseClientFactory.SSLHostnameVerifier.html) for more information on these choices. |
37
+
| spark.marklogic.client.ssl.keystore.path | File path to a Java keystore for 2-way SSL; since 2.1.0. |
38
+
| spark.marklogic.client.ssl.keystore.password | Optional password for a Java keystore for 2-way SSL; since 2.1.0. |
39
+
| spark.marklogic.client.ssl.keystore.type | Java keystore type for 2-way SSL; defaults to "JKS"; since 2.1.0. |
40
+
| spark.marklogic.client.ssl.keystore.algorithm | Java keystore algorithm for 2-way SSL; defaults to "SunX509"; since 2.1.0. |
37
41
| spark.marklogic.client.uri | Shortcut for setting the host, port, username, and password when using `basic` or `digest` authentication. See below for more information. |
38
42
39
43
### Connecting with a client URI
@@ -67,10 +71,15 @@ triplet. For example, a password of `sp@r:k` must appear in the `spark.marklogic
67
71
68
72
### Configuring SSL
69
73
70
-
If the MarkLogic app server that the connector will connect to requires SSL, the `spark.marklogic.client.sslEnabled`
71
-
option must be set to 'true'. This causes the associated JVM's certificate store - typically the
72
-
`$JAVA_HOME/jre/lib/security/cacerts` file - to be used for establishing an SSL connection. The certificate store
73
-
should contain the public certificate associated with the SSL certificate template used by the MarkLogic app server.
74
+
If the MarkLogic app server that the connector will connect to requires SSL but does not require that the client
75
+
present a certificate, set the `spark.marklogic.client.sslEnabled` option to 'true'. This causes the associated JVM's certificate store - typically the `$JAVA_HOME/jre/lib/security/cacerts` file - to be used for establishing an SSL connection. The certificate store should contain the public certificate associated with the SSL certificate template
76
+
used by the MarkLogic app server.
77
+
78
+
Starting in 2.1.0, if the MarkLogic app server requires the client to present a certificate, set the
79
+
`spark.marklogic.client.ssl.keystore.path` option to point to a Java keystore containing the client certificate.
80
+
Set `spark.marklogic.client.ssl.keystore.password` if the keystore requires a password. The keystore will also be used
81
+
as the truststore so it must also contain the public certificate associated with the SSL certificate template used
82
+
by the MarkLogic app server. A future release of the connector will allow for the truststore to be a separate file.
74
83
75
84
If you receive an error containing a message of "PKIX path building failed", the most likely issue is that your JVM's
76
85
certificate store does not contain the public certificate associated with the MarkLogic app server, or your Spark
0 commit comments