The table below lists all the pki built-in functions (in this namespace: http://marklogic.com/xdmp/pki).
The PKI library manages public key infrastructure state in the security database. All functions require that the caller have either a read or a write PKI execute privilege (http://marklogic.com/xdmp/privileges/pki-read, http://marklogic.com/xdmp/privileges/pki-write). All documents are in the PKI collection (http://marklogic.com/xdmp/pki).
All of these functions automatically invoke against the appropriate security database, and require that the user have the necessary invoke/invoke-in privileges.
The pki function module is installed as the following file:
install_dir/Modules/MarkLogic/pki.xqy
where install_dir is the directory in which MarkLogic Server is installed.
To use the pki.xqy module in your own XQuery modules, include the following line in your XQuery prolog:
import module namespace pki = "http://marklogic.com/xdmp/pki"
at "/MarkLogic/pki.xqy";
The library uses the pki: namespace, which is not predefined in the server.
Function name | Description |
---|---|
pki:authority-create-client-certificate | This function creates a client certificate, signed by the specified secure credential, and returns a PEM encoded client certificate and private key. |
pki:authority-create-host-certificate | This function creates a host certificate, signed by the specified secure credential, and returns a PEM encoded host certificate and private key. |
pki:authority-sign-host-certificate-request | This function signs a host certificate request. |
pki:create-authority | This function creates a new self-signed certificate authority, inserts it into the Security database as a trusted authority, and returns the ID of the newly created secure credential. |
pki:create-template | This function creates a new X.509 certificate request template. |
pki:delete-authority | This function deletes a certificate authority that was created using pki:create-authority. |
pki:delete-certificate | This function removes the specified certificate from the Security database. |
pki:delete-template | This function removes the specified certificate request template from the Security database. |
pki:generate-certificate-request | This function generates a PEM encoded X.509 certificate request from the template for the specified id. |
pki:generate-template-certificate-authority | This function creates a common temporary certificate authority to sign all the certificates for the specified certificate template. |
pki:generate-temporary-certificate | This function generates a new key pair and temporary certificate from the specified certificate template. |
pki:generate-temporary-certificate-if-necessary | This function generates a new key pair and temporary certificate from the specified certificate template. |
pki:get-certificate | This function returns the certificate for the specified template and host. |
pki:get-certificate-pem | This function returns the PEM encoded certificate for the specified certificate template and common name combination. |
pki:get-certificate-xml | This function returns the XML representation of the certificate for the specified id and common host name combination. |
pki:get-certificates | This function returns the certificate data for the specified certificates. |
pki:get-certificates-for-template | This function returns all of the certificates for the specified certificate template. |
pki:get-certificates-for-template-xml | This function returns all of the certificates for the specified certificate template in XML format. |
pki:get-pending-certificate-request | This function returns any pending certificate requests for the specified template id and host combination. |
pki:get-pending-certificate-requests-pem | This function returns any pending certificate requests for the specified template. |
pki:get-pending-certificate-requests-xml | This function returns any pending certificate requests for the specified template. |
pki:get-template | This function returns the certificate template for the specified id. |
pki:get-template-by-name | This function returns the certificate template with the specified name. |
pki:get-template-certificate-authority | This function returns the certificate authority for the specified certificate template. |
pki:get-template-ids | This function returns the ids for all of the certificate templates. |
pki:get-trusted-certificate-ids | This function returns the ids of all of the trusted certificates in the Security database. |
pki:insert-certificate-revocation-list | This function inserts a PEM- or DER-encoded Certificate Revocation List (CRL) into the security database. |
pki:insert-host-certificate | This function inserts an externally generated certificate into the database. |
pki:insert-signed-certificates | This function inserts one or more PEM-encoded signed certificates into the database. |
pki:insert-template | This function inserts the specified certificate request template into the Security database and returns the certificate template id. |
pki:insert-trusted-certificates | This function inserts PEM-encoded certificates into the database without checking for a matching certificate request. |
pki:is-temporary | This function returns true if the certificate is temporary. |
pki:need-certificate | This function returns true if the certificate specified by the template id and host combination is not signed by a trusted certificate authority. |
pki:template-get-description | This function returns the description of the specified certificate template. |
pki:template-get-id | This function returns the id of the specified certificate template. |
pki:template-get-key-options | This function returns all of the template key options set in the specified certificate template. |
pki:template-get-key-type | This function returns the key type for the specified certificate template. |
pki:template-get-name | This function returns the name of the specified certificate template. |
pki:template-get-request | This function returns the request portion of the certificate template. |
pki:template-get-version | This function returns the version number for the specified certificate template. |
pki:template-in-use | This function checks whether a certificate template is in use by an App Server. |
pki:template-set-description | This function changes the description of the specified certificate template and returns the XML containing the change. |
pki:template-set-key-options | This function sets the options for generating new keys in the specified certificate template. |
pki:template-set-key-type | This function changes the key type for the specified certificate template and returns the XML containing the change. |
pki:template-set-name | This function changes the name of the specified certificate template and returns the XML containing the change. |
pki:template-set-request | This function sets the request portion for the specified certificate template. |