Creating a Certificate Authority
- Last Updated: May 20, 2026
- MarkLogic Server
- Version 12.0
- Documentation
Secure credentials that contain PEM-encoded public and private keys can be used to control access to a CA stored in a MarkLogic Server Security database. To create and insert a CA into the Security database, use pki:create-authority().
For example, the following query creates a CA named acme-ca:
```xquery
xquery version "1.0-ml";

import module namespace pki = "http://marklogic.com/xdmp/pki"
  at "/MarkLogic/pki.xqy";

declare namespace x509 = "http://marklogic.com/xdmp/x509";

pki:create-authority(
  (: name and description of the CA :)
  "acme-ca", "Acme Certificate Authority",
  (: X.509 subject of the CA certificate :)
  element x509:subject {
    element x509:countryName {"US"},
    element x509:stateOrProvinceName {"California"},
    element x509:localityName {"San Carlos"},
    element x509:organizationName {"Acme Inc."},
    element x509:organizationalUnitName {"Engineering"},
    element x509:commonName {"Acme CA"},
    element x509:emailAddress {"ca@acme.com"}
  },
  (: validity period: from now until 365 days from now :)
  fn:current-dateTime(),
  fn:current-dateTime() + xs:dayTimeDuration("P365D"),
  (: read permission for the admin role :)
  (xdmp:permission("admin","read")))
```