Loading TOC...

pki functions

The table below lists all the pki built-in functions (in this namespace: http://marklogic.com/xdmp/pki).

The PKI library manages public key infrastructure state in the security database. All functions require that the caller have either a read or a write PKI execute privilege (http://marklogic.com/xdmp/privileges/pki-read, http://marklogic.com/xdmp/privileges/pki-write). All documents are in the PKI collection (http://marklogic.com/xdmp/pki).

All of these functions automatically invoke against the appropriate security database, and require that the user have the necessary invoke/invoke-in privileges.

The pki function module is installed as the following file:

install_dir/Modules/MarkLogic/pki.xqy

where install_dir is the directory in which MarkLogic Server is installed.

To use the pki.xqy module in your own XQuery modules, include the following line in your XQuery prolog:

import module namespace pki = "http://marklogic.com/xdmp/pki" at "/MarkLogic/pki.xqy";

The library uses the pki: namespace, which is not predefined in the server.

46 functions
Function name Description
pki:authority-create-client-certificate This function creates a client certificate, signed by the specified secure credential, and returns a PEM encoded client certificate and private key.
pki:authority-create-host-certificate This function creates a host certificate, signed by the specified secure credential, and returns a PEM encoded host certificate and private key.
pki:authority-sign-host-certificate-request This function signs a host certificate request.
pki:create-authority This function creates a new self-signed certificate authority, inserts it into the Security database as a trusted authority, and returns the ID of the newly created secure credential.
pki:create-template This function creates a new X.509 certificate request template.
pki:delete-authority This function deletes a certificate authority that was created using pki:create-authority.
pki:delete-certificate This function removes the specified certificate from the Security database.
pki:delete-template This function removes the specified certificate request template from the Security database.
pki:generate-certificate-request This function generates a PEM encoded X.509 certificate request from the template for the specified id.
pki:generate-template-certificate-authority This function creates a common temporary certificate authority to sign all the certificates for the specified certificate template.
pki:generate-temporary-certificate This function generates a new key pair and temporary certificate from the specified certificate template.
pki:generate-temporary-certificate-if-necessary This function generates a new key pair and temporary certificate from the specified certificate template.
pki:get-certificate This function returns the certificate for the specified template and host.
pki:get-certificate-pem This function returns the PEM encoded certificate for the specified certificate template and common name combination.
pki:get-certificate-xml This function returns the XML representation of the certificate for the specified id and common host name combination.
pki:get-certificates This function returns the certificate data for the specified certificates.
pki:get-certificates-for-template This function returns all of the certificates for the specified certificate template.
pki:get-certificates-for-template-xml This function returns all of the certificates for the specified certificate template in XML format.
pki:get-pending-certificate-request This function returns any pending certificate requests for the specified template id and host combination.
pki:get-pending-certificate-requests-pem This function returns any pending certificate requests for the specified template.
pki:get-pending-certificate-requests-xml This function returns any pending certificate requests for the specified template.
pki:get-template This function returns the certificate template for the specified id.
pki:get-template-by-name This function returns the certificate template with the specified name.
pki:get-template-certificate-authority This function returns the certificate authority for the specified certificate template.
pki:get-template-ids This function returns the ids for all of the certificate templates.
pki:get-trusted-certificate-ids This function returns the ids of all of the trusted certificates in the Security database.
pki:insert-certificate-revocation-list This function inserts a PEM- or DER-encoded Certificate Revocation List (CRL) into the security database.
pki:insert-host-certificate This function inserts externally generated certificate into the database.
pki:insert-signed-certificates This function inserts one or more PEM-encoded signed certificates into the database.
pki:insert-template This function inserts the specified certificate request template into the Security database and returns the certificate template id.
pki:insert-trusted-certificates This function inserts PEM-encoded certificates into the database without checking for a matching certificate request.
pki:is-temporary This function returns true if the certificate is temporary.
pki:need-certificate This function returns true if the certificate specified by the template id and host combination are not signed by a trusted certificate authority.
pki:template-get-description This function returns the description of the specified certificate template.
pki:template-get-id This function returns the id of the specified certificate template.
pki:template-get-key-options This function returns all of the template key options set in the specified certificate template.
pki:template-get-key-type This function returns the key type for the specified certificate template.
pki:template-get-name This function returns the name of the specified certificate template.
pki:template-get-request This function returns the request portion of the certificate template.
pki:template-get-version This function returns the version number for the specified certificate template.
pki:template-in-use This function checks whether a certificate template is in use by an App Server.
pki:template-set-description This function changes the description of the specified certificate template and returns the XML containing the change.
pki:template-set-key-options This function sets the options for generating new keys in the specified certificate template.
pki:template-set-key-type This function changes the key type for the specified certificate template and returns the XML containing the change.
pki:template-set-name This function changes the name of the specified certificate template and returns the XML containing the change.
pki:template-set-request This function sets the request portion for the specified certificate template.