pki:insert-certificate-revocation-list( $url as xs:string, $crl as item() ) as empty-sequence()
This function inserts a PEM- or DER-encoded Certificate Revocation List (CRL) into the security database. A CRL is a list of certificate serial numbers that have been revoked, and the revocation date of each. The CRL is signed by the Certificate Authority to verify its accuracy. The CRL contains two dates, one indicating when it was published and the other indicating when it will next be published. These dates are useful in determining whether a newer CRL should be fetched.

Certificate Authorities typically allow the CRL to be downloaded via HTTP. The document URL in the database is derived from the URL passed in to the function, so inserting a newer CRL retrieved from the same URL will replace the previous one in the database.

Parameters | |
---|---|
url | The URL from which the CRL was downloaded. |
crl | The PEM- or DER-encoded CRL. |

```xquery
xquery version "1.0-ml";

import module namespace pki = "http://marklogic.com/xdmp/pki"
  at "/MarkLogic/pki.xqy";

let $URI := "http://crl.verisign.com/pca3.crl"
return
  pki:insert-certificate-revocation-list(
    $URI,
    xdmp:document-get($URI)/binary()
  )

(: Inserts a CRL from Verisign into the database. :)
```
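
The description above notes that a CRL's two dates help decide whether a newer CRL should be fetched. The following Python sketch is an added example, not part of the MarkLogic documentation: it reads those two fields (`thisUpdate` and `nextUpdate` in RFC 5280) from a PEM- or DER-encoded CRL so that a job running outside MarkLogic can decide when to download the CRL again and pass it to `pki:insert-certificate-revocation-list`. All function names are hypothetical, the sample CRL is constructed and unsigned, and the code only reads the dates; it does not verify the CA's signature.

```python
import base64
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def _time(tag, val):
    text = val.decode("ascii")
    if tag == 0x17:  # UTCTime: RFC 5280 maps YY 50-99 to 19YY, 00-49 to 20YY
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_dates(crl):
    """Return (thisUpdate, nextUpdate or None) from a PEM- or DER-encoded CRL."""
    if crl.lstrip().startswith(b"-----BEGIN"):  # PEM: drop armor, decode base64
        crl = base64.b64decode(b"".join(x for x in crl.splitlines() if x[:5] != b"-----"))
    _, tbs, _ = _tlv(_tlv(crl, 0)[1], 0)  # CertificateList -> TBSCertList
    pos, times = 0, []
    while pos < len(tbs):
        tag, val, pos = _tlv(tbs, pos)
        if tag in (0x17, 0x18):  # UTCTime or GeneralizedTime
            times.append(_time(tag, val))
        elif times:
            break  # past the two Time fields
    if not times:
        raise ValueError("thisUpdate not found")
    return times[0], (times[1] if len(times) > 1 else None)

def needs_refresh(crl, now):  # True once nextUpdate has passed, or if it is absent
    next_update = crl_dates(crl)[1]
    return next_update is None or now >= next_update

def _enc(tag, body):  # DER encoder, used only to build the sample below
    n, k = len(body), (len(body).bit_length() + 7) // 8
    size = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + size + body

def sample_crl(this_update, next_update=None):  # constructed, unsigned CRL skeleton
    alg = _enc(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSA
    times = b"".join(_enc(0x17, t.encode()) for t in (this_update, next_update) if t)
    tbs = _enc(0x30, b"\x02\x01\x01" + alg + _enc(0x30, b"") + times)  # empty issuer
    return _enc(0x30, tbs + alg + _enc(0x03, bytes(257)))  # placeholder signature
```

Treating a missing `nextUpdate` as "refresh now" is a policy choice made for this sketch.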