
pki:create-template

pki:create-template(
   $name as xs:string,
   $description as xs:string,
   $key-type as xs:string?,
   $key-options as element()?,
   $csr as element(x509:req)
) as element(pki:template)

Summary

This function creates a new X.509 certificate request template. Each time a new certificate request is generated from the template, a new public/private key pair is generated. A new random ID is generated and returned as part of the pki:template element. This ID identifies the template and its related key pairs and certificates. The returned element is not stored automatically; it must be separately inserted into the database with pki:insert-template.

Parameters
name: The name of the certificate request template.
description: A description of the certificate request template.
key-type: The type of key to use (enter "rsa").
key-options: The options for generating new keys. The valid options are key-length, which specifies the number of bits in a key (512, 1024, 2048, 4096), and pass-phrase, which specifies the pass phrase for encrypting/decrypting a private key.
csr: An XML representation of the certificate request template.

Example

     (: execute this against the security database :)
     xquery version "1.0-ml"; 

     import module namespace pki = "http://marklogic.com/xdmp/pki" 
         at "/MarkLogic/pki.xqy";

     declare namespace x509 = "http://marklogic.com/xdmp/x509";
     declare namespace ssl = "http://marklogic.com/xdmp/ssl";

     let $x509 := 
       <x509:req>
         <x509:version>0</x509:version>
         <x509:subject>    
           <x509:countryName>US</x509:countryName>
           <x509:stateOrProvinceName>CA</x509:stateOrProvinceName>
           <x509:localityName>San Carlos</x509:localityName>
           <x509:organizationName>MarkLogic</x509:organizationName>
           <x509:organizationalUnitName>Engineering</x509:organizationalUnitName>
           <x509:commonName>my.host.com</x509:commonName>
           <x509:emailAddress>user@marklogic.com</x509:emailAddress>
         </x509:subject>
         <x509:v3ext>
           <x509:basicConstraints critical="false">CA:TRUE</x509:basicConstraints>
           <x509:keyUsage critical="false">Certificate Sign, CRL Sign</x509:keyUsage>
           <x509:nsCertType critical="false">SSL Server</x509:nsCertType>
           <x509:subjectKeyIdentifier critical="false">B2:2C:0C:F8:5E:A7:44:B7</x509:subjectKeyIdentifier>
         </x509:v3ext>
       </x509:req>

     let $options := 
       <pki:key-options xmlns="ssl:options">
         <key-length>2048</key-length>
       </pki:key-options>

     return pki:create-template(
            "testTemplate",
            "Creating a new template",
            "rsa",
             $options,
             $x509)

  (: Creates a new certificate template, named "testTemplate." :)
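
The following is an added example, not part of the MarkLogic documentation: it performs both steps from the Summary (create, then insert with pki:insert-template) and rejects key lengths below a locally chosen minimum before any template is built. The helper name local:create-and-insert-template, the $min-key-length variable, the error names and the subject values are hypothetical; it assumes pki:insert-template returns the new template ID.

```xquery
(: execute this against the security database :)
xquery version "1.0-ml";

import module namespace pki = "http://marklogic.com/xdmp/pki"
    at "/MarkLogic/pki.xqy";
declare namespace x509 = "http://marklogic.com/xdmp/x509";

(: Assumed local policy, not a MarkLogic setting: smallest RSA key accepted :)
declare variable $min-key-length as xs:integer := 2048;

(: Hypothetical helper: validate the key length, build the template,
   insert it, and return the template ID :)
declare function local:create-and-insert-template(
  $name as xs:string, $description as xs:string,
  $key-length as xs:integer, $csr as element(x509:req)
) as xs:unsignedLong
{
  if (not($key-length = (512, 1024, 2048, 4096))) then
    fn:error(xs:QName("local:BAD-KEY-LENGTH"),
      fn:concat("Unsupported key-length: ", $key-length))
  else if ($key-length lt $min-key-length) then
    fn:error(xs:QName("local:WEAK-KEY-LENGTH"),
      fn:concat("key-length ", $key-length, " is below the minimum ", $min-key-length))
  else
    let $options :=
      <pki:key-options xmlns="ssl:options">
        <key-length>{$key-length}</key-length>
      </pki:key-options>
    let $template :=
      pki:create-template($name, $description, "rsa", $options, $csr)
    (: nothing is stored until pki:insert-template runs :)
    return pki:insert-template($template)
};

(: Constructed sample request; subject values are placeholders :)
let $csr :=
  <x509:req>
    <x509:version>0</x509:version>
    <x509:subject>
      <x509:countryName>US</x509:countryName>
      <x509:organizationName>Example Org</x509:organizationName>
      <x509:commonName>host.example.com</x509:commonName>
    </x509:subject>
    <x509:v3ext>
      <x509:nsCertType critical="false">SSL Server</x509:nsCertType>
    </x509:v3ext>
  </x509:req>
return local:create-and-insert-template(
  "exampleTemplate", "Template with a 2048-bit RSA key", 2048, $csr)
```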
  
