MarkLogic Server 11.0 Product Documentation
POST /manage/v2/certificate-templatesSummary
This resource address creates a new certificate template in the Security
database.
URL Parameters |
format |
The format of the posted data. Can be either
html , json , or xml (default). This value overrides
the Accept header if both are present. |
Request Headers |
Accept |
The expected MIME type of the request body. If
the format? parameter is present, it takes precedence over the Accept header. |
Content-type |
The MIME type of the data in the request
body. Depending upon the value of the format parameter or Accept header, one of
application/xml , application/json , or text/html . |
Response Headers |
Content-type |
The MIME type of the data in the response
body. Depending upon the value of the format parameter or Accept header, one of
application/xml , application/json , or text/html . |
Location |
If the request causes a restart, a Location
header is included in the reponse. The header contains a path with which to construct a URL
to usable to test when the restart has completed. |
Response
Upon success, MarkLogic Server returns status code 201 (Created). If the
certificate template already exists or if the payload is malformed, a status code of 400 (Bad
Request) is returned. A status code of 401 (Unauthorized) is returned if the user does not
have the necessary privileges.
Required Privileges
This operation requires one of the following:
- the
manage-admin
and security
role
- the following privileges:
http://marklogic.com/xdmp/privileges/manage
http://marklogic.com/xdmp/privileges/manage-admin
http://marklogic.com/xdmp/privileges/get-user
http://marklogic.com/xdmp/privileges/xslt-invoke
Usage Notes
The structure of the data in the request body is as follows. The name
,
description
, and csr
properties are required.
The value of
the
key-options
is essentially arbitrary XML. This cannot be encoded in JSON
without limitations. The JSON format therefore accepts only a subset of the possible key
option values.
template-id
A certificate template id. The template-id element is not permitted
when using HTTP POST to create a new template. It is permitted
in HTTP PUT, as a convenience,
but must have the same value as returned by HTTP GET.
template-name
The name of the certificate request template.
template-description
A description of the certificate request template.
template-version
The certificate template's version.
key-type
The type of key to use (e.g. rsa).
key-options
The options for generating keys.
This is a complex structure with the following children:
key-length
The permitted key lengths.
pass-phrase
The pass phrase.
req
An X.509 certificate request
This is a complex structure with the following children:
version
The X509 version.
subject
The subject for a certificate or certificate request. You should
fill in as many of these fields as possible because individual
certificate authorities have specific requirements for which fields
must have values. If a required field is missing, a certificate
authority will typically reject your certificate request with a
cryptic error message that your request is bad.
This is a complex structure with the following children:
countryName
A two character country code (e.g. "US").
stateOrProvinceName
The state or province your server is in.
localityName
The city your server is in.
organizationName
The organization or company your server belongs to (e.g. MarkLogic).
organizationalUnitName
The organizational unit your server belongs to (e.g. Engineering).
emailAddress
The email address to contact regarding your server
(e.g. webmaster@yourcompany.com).
commonName
The common name of your server (e.g. www.yourcompany.com). This may be
left blank when creating a certificate template, since individual
servers will use their own host name.
v3ext
The X509v3 extensions.
Example
cat myTemplate.json
==>
{
"template-name": "myTemplate",
"template-description": "My Template2",
"key-type": "rsa",
"key-options": {
"key-length": "2048"
},
"req": {
"version": "0",
"subject": {
"countryName": "US",
"stateOrProvinceName": "CA",
"localityName": "San Carlos",
"organizationName": "MarkLogic",
"organizationalUnitName": "Engineering",
"commonName": "dude.marklogic.com",
"emailAddress": "dude@marklogic.com"
}
}
}
curl -X POST --anyauth -u admin:admin --header "Content-Type:application/json" \
-d @myTemplate.json http://localhost:8002/manage/v2/certificate-templates
==> Creates a certificate template, named "myTemplate" in the Security database.
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.