Loading TOC...


   $name as xs:string,
   $description as xs:string,
   $subject as element(x509:subject),
   $notBefore as xs:dateTime,
   $notAfter as xs:dateTime,
   $permissions as element(sec:permission)*
) as xs:unsignedLong


This function creates a new self-signed certificate authority, inserts it into the Security database as a trusted authority, and returns the ID of the newly created secure credential.

The certificate authority can be deleted by the pki:delete-authority function.

name The secure credential name.
description The secure credential description.
subject The certificate authority's subject name.
notBefore The time at which the authority becomes valid.
notAfter The time after which the authority is no longer valid.
permissions The permissions controlling access to the secure credential.


xquery version "1.0-ml"; 
import module namespace pki = "http://marklogic.com/xdmp/pki" 
      at "/MarkLogic/pki.xqy";

declare namespace x509 = "http://marklogic.com/xdmp/x509";

  "acme-ca", "Acme Certificate Authority",
  element x509:subject {
    element x509:countryName            {"US"},
    element x509:stateOrProvinceName    {"California"},
    element x509:localityName           {"San Carlos"},
    element x509:organizationName       {"Acme Inc."},
    element x509:organizationalUnitName {"Engineering"},
    element x509:commonName             {"Acme CA"},
    element x509:emailAddress           {"ca@acme.com"}
  fn:current-dateTime() + xs:dayTimeDuration("P365D"),

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.