MarkLogic 10 Product Documentation
pki:need-certificate

pki:need-certificate(
   $template-id as xs:unsignedLong,
   $common-name as xs:string,
   $dns-name as xs:string?,
   $ip-addr as xs:string?
) as xs:boolean

Summary

This function returns true if the certificate specified by the template id and host combination are not signed by a trusted certificate authority. Otherwise, false is returned. The common name must be specified. The DNS name and IP address are optional.

Parameters
template-id The certificate template id for the certificate.
common-name The common hostname (e.g., myhost.company.com or company.com) in the certificate.
dns-name The DNS name in the certificate.
ip-addr The IP address name in the certificate.

Example

  (: execute this against the security database :)
  xquery version "1.0-ml"; 
  import module namespace pki = "http://marklogic.com/xdmp/pki" 
      at "/MarkLogic/pki.xqy";
  import module namespace admin = "http://marklogic.com/xdmp/admin" 
      at "/MarkLogic/admin.xqy";

   "The certificates for the following templates are unsigned:", "",

  let $config := admin:get-configuration()
  let $hostname := admin:host-get-name(
                       $config, 
                       admin:host-get-id($config, xdmp:host-name()))

  for $tid in pki:get-template-ids()   
     return if (pki:need-certificate($tid, $hostname, (), ())) 
        then pki:template-get-name(pki:get-template($tid))   
        else ()
 
  (: Returns the list templates for which there are unsigned certificates. :)
  
Powered by MarkLogic Server | Terms of Use | Privacy Policy