Loading TOC...

pki:insert-certificate-revocation-list

pki:insert-certificate-revocation-list(
   $url as xs:string,
   $crl as item()
) as empty-sequence()

Summary

This function inserts a PEM- or DER-encoded Certificate Revocation List (CRL) into the security database. A CRL is a list of certificate serial numbers that have been revoked, and the revocation date of each. The CRL is signed by the Certificate Authority to verify its accuracy. The CRL contains two dates, one indicating when it was published and the other indicating when it will next be published. This is useful in determining whether a newer CRL should be fetched.

Certificate Authorities typically allow the CRL to be downloaded via HTTP. The document URL in the database is derived from the URL passed in to the function, so Inserting a newer CRL retrieved from the same URL will replace the previous one in the database.

Parameters
url The URL from which the CRL was downloaded.
crl The PEM- or DER-encoded CRL.

Example

  xquery version "1.0-ml"; 

  import module namespace pki = "http://marklogic.com/xdmp/pki" 
  at "/MarkLogic/pki.xqy";

  let $URI := "http://crl.verisign.com/pca3.crl"

  return
      pki:insert-certificate-revocation-list(
           $URI, 
           xdmp:document-get($URI)/binary() )
  
  (: Inserts a CRL from Verisign into the database. :)
     

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.