Loading TOC...

pki:authority-create-client-certificate

pki:authority-create-client-certificate(
   $credential-id as xs:unsignedLong,
   $subject as element(x509:subject),
   $notBefore as xs:dateTime,
   $notAfter as xs:dateTime
) as xs:string*

Summary

This function creates a client certificate, signed by the specified secure credential, and returns a PEM encoded client certificate and private key.

Parameters
$credential-id The ID of the security credential for the authority.
$subject The client certificate subject.
$notBefore The time at which the certificate becomes valid.
$notAfter The time after which the certificate is no longer valid.

Example


xquery version "1.0-ml"; 
 
import module namespace pki = "http://marklogic.com/xdmp/pki" 
      at "/MarkLogic/pki.xqy";

declare namespace x509 = "http://marklogic.com/xdmp/x509";

let $tmp :=
  pki:authority-create-client-certificate(
    xdmp:credential-id("acme-ca"),
    element x509:subject {
      element x509:countryName            {"US"},
      element x509:stateOrProvinceName    {"California"},
      element x509:localityName           {"San Carlos"},
      element x509:organizationName       {"Acme Inc."},
      element x509:organizationalUnitName {"Engineering"},
      element x509:commonName             {"Elmer Fudd"},
      element x509:emailAddress           {"elmer.fudd@acme.com"}
    },
    fn:current-dateTime(),
    fn:current-dateTime() + xs:dayTimeDuration("P365D"))
let $cert := $tmp[1]
let $privkey := $tmp[2]
return ( xdmp:x509-certificate-extract($cert), $cert, $privkey ) 
    

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.