NSX-T Data Center REST API

Self-Sign the CSR

Self-signs the previously generated CSR. This action is similar to the
import certificate action, but instead of using a public certificate signed
by a CA, the self_sign POST action uses a certificate that is signed with
NSX's own private key. The maximum validity limit for non-CA certificates is
825 days, except that values of 3,650 and 36,500 days are also allowed.
No limit is set for CA certificates.

Request:

Method:

POST

URI Path(s):

/api/v1/trust-management/csrs/{csr-id}?action=self_sign

Request Headers:

n/a

Query Parameters:

SelfSignedActionParameter+

Name	Description	Type	Notes
days_valid	Number of days the certificate will be valid, default 825 days	integer	Required Default: "825"

Request Body:

n/a

Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

Certificate+

Certificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	Category Different categories of certificates to distinguish stored certificates. 'APPLIANCE_CERTIFICATE' are certs used by this cluster. 'PRINCIPAL_IDENTITY_CERTIFICATE' used by LM and GM for mutual auth. 'SITE_CERTIFICATE' are certificate of different sites. 'UNUSED_CERTIFICATE' are certs which are not applied yet. 'POLICY_CERTIFICATE' used for external services. 'OTHER_CERTIFICATE' is category for any certificate which is not identified.	string	Readonly Enum: OTHER_CERTIFICATE, APPLIANCE_CERTIFICATE, PRINCIPAL_IDENTITY_CERTIFICATE, SITE_CERTIFICATE, UNUSED_CERTIFICATE, POLICY_CERTIFICATE
description	Description of this resource	string	Maximum length: 1024 Sortable
details	List of X509Certificates.	array of X509Certificate	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
has_private_key	Whether we have the private key for this certificate.	boolean	Required Readonly Default: "False"
id	Unique identifier of this resource	string	Sortable
leaf_certificate_sha_256_thumbprint	Certificate thumbprint Unique SHA-256 thumbprint of the leaf node certificate.	string	Readonly
pem_encoded	PEM encoded certificate data.	string	Required
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Enum: signing-ca
resource_type	Must be set to the value Certificate	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
used_by	List of node IDs with services, that are using this certificate.	array of NodeIdServicesMap	Readonly

Example Response:

{ "id": "1b522350-832b-464b-9295-dff599dd5594", "resource_type": "certificate_self_signed", "pem_encoded": "-----BEGIN CERTIFICATE----------END CERTIFICATE-----\n", "has_private_key": true, "used_by": [], "_system_owned": false, "_create_user": "admin", "_create_time": 1630444964349, "_last_modified_user": "admin", "_last_modified_time": 1630444964349, "_protection": "NOT_PROTECTED", "_revision": 0 }

NSX-T Data Center REST API

Self-Sign the CSR

Request:

SelfSignedActionParameter (schema)

Successful Response:

Certificate (schema)

Example Response:

Required Permissions:

Feature:

Additional Errors: