

pki:create-authority(
   $name as xs:string,
   $description as xs:string,
   $subject as element(x509:subject),
   $notBefore as xs:dateTime,
   $notAfter as xs:dateTime,
   $permissions as element(sec:permission)*
) as xs:unsignedLong


This function creates a new self-signed certificate authority, inserts it into the Security database as a trusted authority, and returns the ID of the newly created secure credential.

The certificate authority can be deleted by the pki:delete-authority function.

$name The secure credential name.
$description The secure credential description.
$subject The certificate authority's subject name.
$notBefore The time at which the authority becomes valid.
$notAfter The time after which the authority is no longer valid.
$permissions The permissions controlling access to the secure credential.


xquery version "1.0-ml"; 
import module namespace pki = "http://marklogic.com/xdmp/pki" 
      at "/MarkLogic/pki.xqy";

declare namespace x509 = "http://marklogic.com/xdmp/x509";

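pki:create-authority(
  (: $name, $description :)
  "acme-ca", "Acme Certificate Authority",
  (: $subject: the distinguished name of the new certificate authority :)
  element x509:subject {
    element x509:countryName            {"US"},
    element x509:stateOrProvinceName    {"California"},
    element x509:localityName           {"San Carlos"},
    element x509:organizationName       {"Acme Inc."},
    element x509:organizationalUnitName {"Engineering"},
    element x509:commonName             {"Acme CA"},
    element x509:emailAddress           {"ca@acme.com"}
  },
  (: $notBefore, $notAfter: valid from now for 365 days :)
  fn:current-dateTime(),
  fn:current-dateTime() + xs:dayTimeDuration("P365D"),
  (: $permissions: empty sequence, no permissions supplied :)
  ()
)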
