Loading TOC...

pki:authority-create-host-certificate

pki:authority-create-host-certificate(
   $credential-id as xs:unsignedLong,
   $subject as element(x509:subject),
   $not-before as xs:dateTime,
   $not-after as xs:dateTime,
   $dns-name as xs:string?,
   $ip-addr as xs:string?
) as xs:string*

Summary

This function creates a host certificate, signed by the specified secure credential, and returns a PEM encoded host certificate and private key.

Parameters
$credential-id The ID of the secure credential for the authority.
$subject The host certificate subject. The commonName element should be a host name or wildcarded host names.
$not-before The time at which the certificate becomes valid.
$not-after The time after which the certificate is no longer valid.
$dns-name A DNS name, different from the subject commmon name.
$ip-addr An IP address.

Example


xquery version "1.0-ml"; 
 
import module namespace pki = "http://marklogic.com/xdmp/pki" 
      at "/MarkLogic/pki.xqy";
 
declare namespace x509 = "http://marklogic.com/xdmp/x509";

let $tmp :=
  pki:authority-create-host-certificate(
    xdmp:credential-id("acme-ca"),
    element x509:subject {
      element x509:countryName            {"US"},
      element x509:stateOrProvinceName    {"California"},
      element x509:localityName           {"San Carlos"},
      element x509:organizationName       {"Acme Inc."},
      element x509:organizationalUnitName {"Engineering"},
      element x509:commonName             {"www.eng.acme.com"},
      element x509:emailAddress           {"www-eng@acme.com"}
    },
    fn:current-dateTime(),
    fn:current-dateTime() + xs:dayTimeDuration("P365D"),
    "www.eng.acme.com", "1.2.3.4")
let $cert := $tmp[1]
let $privkey := $tmp[2]
return ( xdmp:x509-certificate-extract($cert), $cert, $privkey )
    

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.