pki:generate-certificate-request( $template-id as xs:unsignedLong, $common-name as xs:string, $dns-name as xs:string?, $ip-addr as xs:string? ) as xs:string
This function generates a PEM encoded X.509 certificate request from the template for the specified id. If $dns-name or $ip-addr are specified, those values will override any values specified in the template. A new public/private key pair is generated for the request and inserted as a temporary document in the database. When the signed certificate is inserted later, it is matched up against this document and any previously in use private key / certificate is replaced with the new one.
The Admin UI will only set common-name, and leave both dns-name and ip-addr unspecified. Control over these values is provided only for power users to use through custom administration scripts.
(: execute this against the security database :) xquery version "1.0-ml"; import module namespace pki = "http://marklogic.com/xdmp/pki" at "/MarkLogic/pki.xqy"; let $tid := pki:get-template-ids()[1] return pki:generate-certificate-request($tid, (), "marklogic.com", "127.0.0.1") => -----BEGIN CERTIFICATE REQUEST----- MIIByDCCATECAQIwRDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQH EwpTYW4gQ2FybG9zMRMwEQYDVQQKEwpNYXJrIExvZ2ljMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQC6g8iGk1cgO4fFc+3f9kncQ/jEZLlTQESeKTfzglKL7YjS Eb85EjrND9MMnj/fEPxgRnoD6nfmiG54/xnj9A/0SnjtN1EVKb0XZaa6wh9KN8b4 jzlPPYzJ0sLkwBtesrCW3So4gdBYC+xExjDWzdILVj78wzaDMNA4lm9wR2oMHQID AQABoEQwQgYJKoZIhvcNAQkOMTUwMzARBglghkgBhvhCAQEEBAMCBkAwHgYDVR0R BBcwFYINbWFya2xvZ2ljLmNvbYcEfwAAATANBgkqhkiG9w0BAQUFAAOBgQCwey7j JXYsGBf+D4YADIC9Qtcx7Y528S3XDlnhsySA7U9+bILoV55OdSwswL194faIkBGD uG77BNsbtf332rmWit8AQPfTQF50agDYwZoall3OeVUp1b5ZPemC/9kp20PgsIOG jcxcxla0ZCvzdid4gB+1NfP5mnNrCLhMHsJ1IQ== -----END CERTIFICATE REQUEST-----
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.