pki:authority-create-client-certificate

pki:authority-create-client-certificate(
   $credential-id as xs:unsignedLong,
   $subject as element(x509:subject),
   $notBefore as xs:dateTime,
   $notAfter as xs:dateTime
) as xs:string*

Summary

This function creates a client certificate signed by the specified secure credential. It returns the PEM-encoded client certificate followed by its private key; the example below reads them as items 1 and 2 of the result.

Parameters
credential-id The ID of the secure credential for the authority.
subject The client certificate subject.
notBefore The time at which the certificate becomes valid.
notAfter The time after which the certificate is no longer valid.

Example


xquery version "1.0-ml"; 
 
import module namespace pki = "http://marklogic.com/xdmp/pki" 
      at "/MarkLogic/pki.xqy";

declare namespace x509 = "http://marklogic.com/xdmp/x509";

(: Issue a client certificate valid for 365 days from now, signed by the
   secure credential named "acme-ca". :)
let $valid-from := fn:current-dateTime()
let $valid-until := $valid-from + xs:dayTimeDuration("P365D")
let $subject :=
  element x509:subject {
    element x509:countryName            {"US"},
    element x509:stateOrProvinceName    {"California"},
    element x509:localityName           {"San Carlos"},
    element x509:organizationName       {"Acme Inc."},
    element x509:organizationalUnitName {"Engineering"},
    element x509:commonName             {"Elmer Fudd"},
    element x509:emailAddress           {"elmer.fudd@acme.com"}
  }
let $issued :=
  pki:authority-create-client-certificate(
    xdmp:credential-id("acme-ca"),
    $subject,
    $valid-from,
    $valid-until)
(: The result is a sequence: the certificate first, then its private key. :)
let $cert := $issued[1]
let $privkey := $issued[2]
(: $privkey is the key material for the new client identity. It is returned
   here only to show the function's output; anything that receives this
   result (query console, logs, calling application) then holds the key, so
   restrict who can run the query and where the result is written. :)
return ( xdmp:x509-certificate-extract($cert), $cert, $privkey )
    