pki:create-template( $name as xs:string, $description as xs:string, $key-type as xs:string?, $key-options as element()?, $csr as element(x509:req) ) as element(pki:template)
This function creates a new X.509 certificate request template. Each time
a new certificate request is generated from the template, a new
public/private key pair is generated. A new random ID is generated and
returned as part of the template element. This ID identifies the template
and its related key pairs and certificates. The returned element is not
stored by this function; it must be separately inserted into the database
with pki:insert-template.
(: Run this query against the security database. :)
xquery version "1.0-ml";

import module namespace pki = "http://marklogic.com/xdmp/pki"
    at "/MarkLogic/pki.xqy";

declare namespace x509 = "http://marklogic.com/xdmp/x509";
declare namespace ssl = "http://marklogic.com/xdmp/ssl";

(: The certificate request that every certificate request generated from
   this template will be based on: subject fields plus requested v3 extensions.

   NOTE(review): the extensions below request CA:TRUE with
   "Certificate Sign, CRL Sign" while the subject names a single host and
   nsCertType is "SSL Server". A certificate issued with these extensions
   can sign other certificates. For a plain server certificate, consider
   requesting CA:FALSE and only the key usages the host needs. Confirm the
   intent before reusing this example.

   NOTE(review): subjectKeyIdentifier is a fixed literal, although the
   description says a new key pair is generated for every request. A key
   identifier is normally derived from the public key, so confirm how this
   value is used before copying it. :)
let $csr :=
  <x509:req>
    <x509:version>0</x509:version>
    <x509:subject>
      <x509:countryName>US</x509:countryName>
      <x509:stateOrProvinceName>CA</x509:stateOrProvinceName>
      <x509:localityName>San Carlos</x509:localityName>
      <x509:organizationName>MarkLogic</x509:organizationName>
      <x509:organizationalUnitName>Engineering</x509:organizationalUnitName>
      <x509:commonName>my.host.com</x509:commonName>
      <x509:emailAddress>user@marklogic.com</x509:emailAddress>
    </x509:subject>
    <x509:v3ext>
      <x509:basicConstraints critical="false">CA:TRUE</x509:basicConstraints>
      <x509:keyUsage critical="false">Certificate Sign, CRL Sign</x509:keyUsage>
      <x509:nsCertType critical="false">SSL Server</x509:nsCertType>
      <x509:subjectKeyIdentifier critical="false">B2:2C:0C:F8:5E:A7:44:B7</x509:subjectKeyIdentifier>
    </x509:v3ext>
  </x509:req>

(: Key generation options passed with the "rsa" key type: a 2048-bit key. :)
let $key-options :=
  <pki:key-options xmlns="ssl:options">
    <key-length>2048</key-length>
  </pki:key-options>

(: Builds and returns the pki:template element named "testTemplate".
   The element is only returned here; it is not stored until it is passed
   to pki:insert-template. :)
return
  pki:create-template(
    "testTemplate",
    "Creating a new template",
    "rsa",
    $key-options,
    $csr)