NSX-T Data Center REST API
Associated URIs:
| API Description | API Path |
|---|---|
Get the certificate profile for the given service typeGet an available certificate profile. Note that not every service type has an active certificate profile. |
GET /api/v1/trust-management/certificate-profile/{service-type}
|
Return the list of certificate profiles.List the certificate profiles currently active on the NSX Manager. This list depends on the type of instance deployed and which certificates are currently managed through the certificate-profile manager. That list is expected to expand in future releases. |
GET /api/v1/trust-management/certificate-profiles
|
Return All the User-Facing Components' CertificatesReturns all certificate information viewable by the user, including each certificate's UUID; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. |
GET /api/v1/trust-management/certificates
|
Set a certificate as a GM or LM Principal Identity certificateSet a certificate that has been imported to be either the principal identity certificate for the local cluster with either GM or LM service type. Currently, the service type specified must match the current service type of the local cluster. |
POST /api/v1/trust-management/certificates?action=set_pi_certificate_for_federation
(Deprecated)
|
Fetch the server certificate chain of a TLS service endpointAttempt to connect to an TLS service endpoint and retrieve the server certificate chain it presents. |
POST /api/v1/trust-management/certificates?action=fetch_peer_certificate_chain
|
Add a New CertificateAdds a new private-public certificate or a chain of certificates (CAs) and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A private key can be uploaded for a CA certificate only if the "purpose" parameter is set to "signing-ca". |
POST /api/v1/trust-management/certificates?action=import
|
Set a certificate as the Appliance Proxy certificate to be used in inter-site communicationSet a certificate that has been imported to be the Appliance Proxy certificate used for communicating with Appliance Proxies on other sites. |
POST /api/v1/trust-management/certificates?action=set_appliance_proxy_certificate_for_inter_site_communication
(Deprecated)
|
Delete Certificate for the Given Certificate IDRemoves the specified certificate. The private key associated with the certificate is also deleted. |
DELETE /api/v1/trust-management/certificates/{cert-id}
|
Validate a certificateChecks whether certificate is valid. When the certificate contains a chain, the full chain is validated. The usage parameter can be SERVER (default) or CLIENT. This indicates whether the certificate needs to be validated as a server-auth or a client-auth certificate. |
GET /api/v1/trust-management/certificates/{cert-id}?action=validate
|
Show Certificate Data for the Given Certificate IDReturns information for the specified certificate ID, including the certificate's UUID; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. |
GET /api/v1/trust-management/certificates/{cert-id}
|
Apply a certificate for a CertificateProfileLook up the Certificate Profile matching the service-type and apply the certificate. When the Certificate Profile has cluster_certificate=false, the node_id parameter is required to designate the node where the certificate needs to be applied. |
POST /api/v1/trust-management/certificates/{cert-id}?action=apply_certificate
|
Replace a Host CertificateSends a new private-public certificate or a chain of certificates (CAs) and a private key to be used on a Transport Node. |
POST /api/v1/trust-management/certificates/action/replace-host-certificate/{host-id}
|