
pki:authority-create-client-certificate( $credential-id as xs:unsignedLong, $subject as element(x509:subject), $notBefore as xs:dateTime, $notAfter as xs:dateTime ) as xs:string*
This function creates a client certificate, signed by the specified secure credential, and returns the PEM-encoded client certificate followed by its PEM-encoded private key.
xquery version "1.0-ml";
import module namespace pki = "http://marklogic.com/xdmp/pki"
at "/MarkLogic/pki.xqy";
declare namespace x509 = "http://marklogic.com/xdmp/x509";
(: Validity window: starts at the current request time and runs for 365 days.
   A relying party whose clock runs behind the server may briefly see the
   certificate as not yet valid. :)
let $not-before := fn:current-dateTime()
let $not-after := $not-before + xs:dayTimeDuration("P365D")

(: Subject distinguished name placed in the issued certificate. :)
let $subject :=
  element x509:subject {
    element x509:countryName {"US"},
    element x509:stateOrProvinceName {"California"},
    element x509:localityName {"San Carlos"},
    element x509:organizationName {"Acme Inc."},
    element x509:organizationalUnitName {"Engineering"},
    element x509:commonName {"Elmer Fudd"},
    element x509:emailAddress {"elmer.fudd@acme.com"}
  }

(: Sign with the secure credential named "acme-ca". The call returns a
   sequence of PEM strings; this example treats item 1 as the certificate
   and item 2 as the matching private key. :)
let $issued :=
  pki:authority-create-client-certificate(
    xdmp:credential-id("acme-ca"),
    $subject,
    $not-before,
    $not-after)
let $client-cert := $issued[1]
let $client-key := $issued[2]

(: Result: the certificate's XML representation, the PEM certificate, and the
   PEM private key. The key is part of the query result in the clear, so
   whoever can read the result or any log or history that records it holds the
   client's identity. Outside a demonstration, hand the key only to the
   certificate's owner over a protected channel and keep it out of logs. :)
return (
  xdmp:x509-certificate-extract($client-cert),
  $client-cert,
  $client-key
)