Loading TOC...

pki:authority-sign-host-certificate-request

pki:authority-sign-host-certificate-request(
   $credential-id as xs:unsignedLong,
   $x509-req as element(x509:req),
   $not-before as xs:dateTime,
   $not-after as xs:dateTime
) as xs:string

Summary

This function signs a host certificate request.

Parameters
$credential-id The ID of the security credential for the authority.
$x509-req The certificate request.
$not-before The time at which the certificate becomes valid.
$not-after The time after which the certificate is no longer valid.

Example


xquery version "1.0-ml"; 
 
import module namespace pki = "http://marklogic.com/xdmp/pki" 
      at "/MarkLogic/pki.xqy";

declare namespace x509 = "http://marklogic.com/xdmp/x509";

let $req :=
  pki:generate-certificate-request(
    pki:get-template-by-name("test")/pki:template-id,
    "ACME Eng Server", "www.eng.acme.com", "1.2.3.4")
let $cert := 
  pki:authority-sign-host-certificate-request(
    xdmp:credential-id("acme-ca"),
    xdmp:x509-request-extract($req),
    fn:current-dateTime(),
    fn:current-dateTime() + xs:dayTimeDuration("P365D"))

return ( xdmp:x509-request-extract($req), 
         xdmp:x509-certificate-extract($cert), 
         $req, $cert ) 
    

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.