MarkLogic Server 11.0 Product Documentationpki:generate-certificate-request
pki:generate-certificate-request( $template-id as xs:unsignedLong, $common-name as xs:string, $dns-name as xs:string?, $ip-addr as xs:string? ) as xs:string
Summary
This function generates a PEM encoded X.509 certificate request from the template for the specified id. If $dns-name or $ip-addr are specified, those values will override any values specified in the template. A new public/private key pair is generated for the request and inserted as a temporary document in the database. When the signed certificate is inserted later, it is matched up against this document and any previously in use private key / certificate is replaced with the new one.
The Admin UI will only set common-name, and leave both dns-name and ip-addr unspecified. Control over these values is provided only for power users to use through custom administration scripts.
Example
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace pki = "http://marklogic.com/xdmp/pki"
at "/MarkLogic/pki.xqy";
let $tid := pki:get-template-ids()[1]
return
pki:generate-certificate-request($tid, (), "marklogic.com", "127.0.0.1")
=>
-----BEGIN CERTIFICATE REQUEST-----
MIIByDCCATECAQIwRDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQH
EwpTYW4gQ2FybG9zMRMwEQYDVQQKEwpNYXJrIExvZ2ljMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQC6g8iGk1cgO4fFc+3f9kncQ/jEZLlTQESeKTfzglKL7YjS
Eb85EjrND9MMnj/fEPxgRnoD6nfmiG54/xnj9A/0SnjtN1EVKb0XZaa6wh9KN8b4
jzlPPYzJ0sLkwBtesrCW3So4gdBYC+xExjDWzdILVj78wzaDMNA4lm9wR2oMHQID
AQABoEQwQgYJKoZIhvcNAQkOMTUwMzARBglghkgBhvhCAQEEBAMCBkAwHgYDVR0R
BBcwFYINbWFya2xvZ2ljLmNvbYcEfwAAATANBgkqhkiG9w0BAQUFAAOBgQCwey7j
JXYsGBf+D4YADIC9Qtcx7Y528S3XDlnhsySA7U9+bILoV55OdSwswL194faIkBGD
uG77BNsbtf332rmWit8AQPfTQF50agDYwZoall3OeVUp1b5ZPemC/9kp20PgsIOG
jcxcxla0ZCvzdid4gB+1NfP5mnNrCLhMHsJ1IQ==
-----END CERTIFICATE REQUEST-----