NSX-T Data Center REST API
Associated URIs:
| API Description | API Path |
|---|---|
Return the Properties of a Trust ManagerReturns information about the supported algorithms and key sizes. |
GET /api/v1/trust-management
|
Return All Added CRLsReturns information about all CRLs. For additional information, include the ?details=true modifier at the end of the request URI. |
GET /api/v1/trust-management/crls
|
Add a New Certificate Revocation ListAdds a new certificate revocation list (CRL). The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. A CRL can be in the PEM X.509 format (crl_type=X509) or JSON OneCRL (crl_type=OneCRL). If crl_type is not specified, it is auto-detected based on the presence of fields pem_encoded or one_crl. |
POST /api/v1/trust-management/crls?action=import
|
Delete a CRLDeletes an existing CRL. |
DELETE /api/v1/trust-management/crls/<crl-id>
|
Show CRL Data for the Given CRL IDReturns information about the specified CRL. For additional information, include the ?details=true modifier at the end of the request URI. |
GET /api/v1/trust-management/crls/<crl-id>
|
Update CRL for the Given CRL IDUpdates an existing CRL. |
PUT /api/v1/trust-management/crls/<crl-id>
|
Return All the Generated CSRsReturns information about all of the CSRs that have been created. |
GET /api/v1/trust-management/csrs
|
Generate a New Certificate Signing RequestCreates a new certificate signing request (CSR). A CSR is encrypted text that contains information about your organization (organization name, country, and so on) and your Web server's public key, which is a public certificate the is generated on the server that can be used to forward this request to a certificate authority (CA). A private key is also usually created at the same time as the CSR. |
POST /api/v1/trust-management/csrs
|
Generate a New Self-Signed CertificateCreates a new self-signed certificate. A private key is also created at the same time. This is convenience call that will generate a CSR and then self-sign it. For validity of non-CA certificates, if a value greater than 825 days is provided, it will be set to 825 days. No limit is set for CA certificates. |
POST /api/v1/trust-management/csrs?action=self_sign
|
Generate a New Certificate Signing Request with ExtensionsCreates a new certificate signing request (CSR) with selected extensions. A CSR is encrypted text that contains information about your organization (organization name, country, and so on), additional attributes as extensions, and your Web server's public key, which is a public certificate the is generated on the server that can be used to forward this request to a certificate authority (CA). A private key is also usually created at the same time as the CSR. |
POST /api/v1/trust-management/csrs-extended
(Experimental)
|
Delete a CSRRemoves a specified CSR. If a CSR is not used for verification, you can delete it. |
DELETE /api/v1/trust-management/csrs/<csr-id>
|
Show CSR Data for the Given CSR IDReturns information about the specified CSR. |
GET /api/v1/trust-management/csrs/<csr-id>
|
Upload the Certificate PEM File Signed by the CA Associated with a CSRUploads the certificate authority (CA)-signed certificate. After you send the certificate request to the CA of your choice, and the CA sends back the signed certificate, you can use the upload POST action to upload the signed certificate. The upload action is similar to the import action, but the upload action allows you to directly upload the PEM-encoded file (signed certificate) provided by the CA. After this operation you can delete the CSR. |
POST /api/v1/trust-management/csrs/<csr-id>?action=upload
|
Import a Certificate Associated with an Approved CSRImports a certificate authority (CA)-signed certificate for a CSR. This action links the certificate to the private key created by the CSR. The pem_encoded string in the request body is the signed certificate provided by your CA in response to the CSR that you provide to them. After this operation you can delete the CSR. |
POST /api/v1/trust-management/csrs/<csr-id>?action=import
|
Self-Sign the CSRSelf-signs the previously generated CSR. This action is similar to the import certificate action, but instead of using a public certificate signed by a CA, the self_sign POST action uses a certificate that is signed with NSX's own private key. For validity of non-CA certificates, if a value greater than 825 days is provided, it will be set to 825 days. No limit is set for CA certificates. |
POST /api/v1/trust-management/csrs/<csr-id>?action=self_sign
|
Get CSR PEM File for the Given CSR IDDownloads the CSR PEM file for a specified CSR. Clients must include an Accept: text/plain request header. |
GET /api/v1/trust-management/csrs/<csr-id>/pem-file
|