Certificates APIs

Certificates APIs

APIs for managing Certificates

1. Install Certificates By Online Mode

The following steps have to be followed to install certificates signed by VCF supporting certificate authorities (Microsoft CA and OpenSSL CA).

1.1. Prerequisites

  • VCF environment.

1.2. Steps

  • Check if certificate authority is configured or not by invoking the API. If certificate authority is configured, proceed directly to step-3.

Note : Operations are performed on domain named MGMT.

Note : The following returns the list of all configured cerificate authorities.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/certificate-authorities' -i -X GET \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/certificate-authorities HTTP/1.1
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 386

{
  "elements" : [ {
    "id" : "OpenSSL",
    "commonName" : "test.openssl.eng.vmware.com",
    "country" : "IN",
    "state" : "Karnataka",
    "locality" : "Bengaluru",
    "organization" : "VMware",
    "organizationUnit" : "ISBU"
  }, {
    "id" : "Microsoft",
    "username" : "Admin",
    "serverUrl" : "https://AD-vcf.eng.vmware.com/certsrv",
    "templateName" : "Vcms"
  } ]
}

Tip : Refer to: Get certificate authorities information API

  • Configure certificate authority if it is not configured by invoking the API

Configure "Microsoft" certificate authority
cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/certificate-authorities' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "microsoftCertificateAuthoritySpec" : {
    "username" : "Admin",
    "secret" : "VMwareInfra@1",
    "serverUrl" : "https://AD-vcf.eng.vmware.com/certsrv",
    "templateName" : "Vcms"
  }
}'

HTTP Request

PUT /v1/certificate-authorities HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 194
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "microsoftCertificateAuthoritySpec" : {
    "username" : "Admin",
    "secret" : "VMwareInfra@1",
    "serverUrl" : "https://AD-vcf.eng.vmware.com/certsrv",
    "templateName" : "Vcms"
  }
}

HTTP Response

HTTP/1.1 200 OK

Configure "OpenSSL" certificate authority
cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/certificate-authorities' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "openSSLCertificateAuthoritySpec" : {
    "commonName" : "test.openssl.eng.vmware.com",
    "country" : "IN",
    "state" : "Karnataka",
    "locality" : "Bengaluru",
    "organization" : "VMware",
    "organizationUnit" : "ISBU"
  }
}'

HTTP Request

PUT /v1/certificate-authorities HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 239
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "openSSLCertificateAuthoritySpec" : {
    "commonName" : "test.openssl.eng.vmware.com",
    "country" : "IN",
    "state" : "Karnataka",
    "locality" : "Bengaluru",
    "organization" : "VMware",
    "organizationUnit" : "ISBU"
  }
}

HTTP Response

HTTP/1.1 200 OK

Tip : Refer to: Create a certificate authority API

  • Reconfigure the certificate authority if required by invoking the API

Reconfigure "Microsoft" certificate authority
cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/certificate-authorities' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "microsoftCertificateAuthoritySpec" : {
    "templateName" : "Vcms1"
  }
}'

HTTP Request

PATCH /v1/certificate-authorities HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 78
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "microsoftCertificateAuthoritySpec" : {
    "templateName" : "Vcms1"
  }
}

HTTP Response

HTTP/1.1 200 OK

Reconfigure "OpenSSL" certificate authority
cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/certificate-authorities' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "openSSLCertificateAuthoritySpec" : {
    "commonName" : "test1.openssl.eng.vmware.com"
  }
}'

HTTP Request

PATCH /v1/certificate-authorities HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 97
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "openSSLCertificateAuthoritySpec" : {
    "commonName" : "test1.openssl.eng.vmware.com"
  }
}

HTTP Response

HTTP/1.1 200 OK

Tip : Refer to: Configure existing certificate authority API

  • Verify that the certificate authority is successfully configured by invoking the API with type of CA as the ID

Verify configuration for "Microsoft" certificate authority
cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/certificate-authorities/Microsoft' -i -X GET \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/certificate-authorities/Microsoft HTTP/1.1
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 132

{
  "id" : "Microsoft",
  "username" : "Admin",
  "serverUrl" : "https://AD-vcf.eng.vmware.com/certsrv",
  "templateName" : "Vcms"
}

Verify configuration for "OpenSSL" certificate authority
cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/certificate-authorities/OpenSSL' -i -X GET \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/certificate-authorities/OpenSSL HTTP/1.1
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 203

{
  "id" : "OpenSSL",
  "commonName" : "test.openssl.eng.vmware.com",
  "country" : "IN",
  "state" : "Karnataka",
  "locality" : "Bengaluru",
  "organization" : "VMware",
  "organizationUnit" : "ISBU"
}

Tip : Refer to: Get certificate authority information API

  • After the successful certificate authority configuration, generate CSR by invoking the API

Tip : If "resources" field is not given then operations are performed on all the resources in the domain.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/csrs' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "csrGenerationSpec" : {
    "country" : "IN",
    "state" : "Karnataka",
    "locality" : "Bengaluru",
    "organization" : "VMware",
    "organizationUnit" : "ISBU",
    "email" : "[email protected]",
    "keySize" : "2048",
    "keyAlgorithm" : "RSA"
  },
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER",
    "sans" : [ "sfo-m01-nsx01.rainpole.io", "10.0.0.6" ]
  } ]
}'

HTTP Request

PUT /v1/domains/MGMT/csrs HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 415
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "csrGenerationSpec" : {
    "country" : "IN",
    "state" : "Karnataka",
    "locality" : "Bengaluru",
    "organization" : "VMware",
    "organizationUnit" : "ISBU",
    "email" : "[email protected]",
    "keySize" : "2048",
    "keyAlgorithm" : "RSA"
  },
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER",
    "sans" : [ "sfo-m01-nsx01.rainpole.io", "10.0.0.6" ]
  } ]
}

HTTP Response

HTTP/1.1 202 Accepted
Location: /v1/tasks/cd1b7198-be22-4a2f-b3df-b632e0e34e37
Content-Type: application/json
Content-Length: 79

{
  "id" : "cd1b7198-be22-4a2f-b3df-b632e0e34e37",
  "status" : "IN_PROGRESS"
}

Tip : Refer to: Generate CSR(s) API

  • Poll the status of the task using the task API with the ID from the response of the previous API.

Tip : Refer to: Get a Task.

  • Poll the task until "status" is not "IN_PROGRESS" with the ID from the previous response.

Tip : Refer to: Get a Task.

  • If the "status" is "SUCCESSFUL", the task is completed successfully.

  • If the "status" is "FAILED", execute the generate CSR request again.

  • If the generation of CSR is successful, fetch the contents of the CSR to check for which resources CSR is generated by invoking the API

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/csrs' -i -X GET \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/domains/MGMT/csrs HTTP/1.1
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1154

{
  "elements" : [ {
    "csrEncodedContent" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICtDCCAZwCAQAwbzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH\nEwJQQTEMMAoGA1UECxMDVkNGMQ8wDQYDVQQKEwZWTXdhcmUxJzAlBgNVBAMTHm5z\neE1hbmFnZXIudnJhY2sudnNwaGVyZS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAKtumknTB1do77E5rCXGRgqT6iqTgW0moiDZS6USGkeTQMvj\nR5JnQjq11xJl0y1meSdA6ufft8xndOr1b8alRs4+FreuJLl/8HBIVLRECrfkfIn0\nImwZzGFih2wwrCD/evb/7paNcdt97+KF2nwqB5ADysyFkjYs0uiJxxE5i8HsST1L\n+AStKeAV0lOk/2n/qgHPUcnjH7KchJAet9DFuKBWUW7QIryQffuiQrdAFqcEPHJC\nubHyqnoBPktosD3SXs1UickNiTyXIRC1NGHK/w7VTTJfBxkXxIdejazVGjCAW8w0\n/N4iW3rCaxSpnggWLGYFbGEkhikgtkpj8zIRjk8CAwEAAaAAMA0GCSqGSIb3DQEB\nCwUAA4IBAQBkxJTuymqggHLhWbtnvtA3mU4freKzF2XDUUP+K5kz43j2IXNbsCJI\nWDpY9OCVj9NHZ+uFTvQLvCb3E+6h0vE4Dw2PVUuOpz/Ag1qmgYIxtC5vzN4gLKih\nUNROG5wYryYKO8YL4MB3XIQdx9b8y8Fxyh3ZHIvdghhUPBooWzeCUXVPD8Le4p52\nD8yMGREtSQL4avLughd+SFd0fvKQq+/K42WOFn7PYVfgLBqdW1YCjEIfAdsG+bhG\n3CIBan84uV3cKFSM4NtxCvHZnuRZmx6+0Frtt1w9sndjKvHrA6ozoHO9O1gl/E9D\nY1rzOB7KFzGiZHAMT2Cf/x/xGo8rTGFZ\n-----END CERTIFICATE REQUEST-----",
    "resource" : {
      "fqdn" : "sfo-m01-nsx01.rainpole.io"
    }
  } ]
}

Tip : Refer to: Get available CSR(s) in json format API

  • After successful CSR generation, generate the certificates signed by supported certificates authorities (either OpenSSL or Microsoft) by invoking the API

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/certificates' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "caType" : "Microsoft",
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER"
  } ]
}'

HTTP Request

PUT /v1/domains/MGMT/certificates HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 124
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "caType" : "Microsoft",
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER"
  } ]
}

HTTP Response

HTTP/1.1 202 Accepted
Location: /v1/tasks/81913895-a106-4d25-aea2-ae43ef1d4db7
Content-Type: application/json
Content-Length: 79

{
  "id" : "81913895-a106-4d25-aea2-ae43ef1d4db7",
  "status" : "IN_PROGRESS"
}

Tip : Refer to: Generate certificate(s) for the selected resource(s) in a domain API

  • Poll the status of the task using the task API with the ID from the response of the previous API.

Tip : Refer to: Get a Task.

  • Poll the task until "status" is not "IN_PROGRESS" with the ID from the previous response.

Tip : Refer to: Get a Task.

  • If the "status" is "SUCCESSFUL", the task is completed successfully.

  • If the "status" is "FAILED", execute the generate certificate request again.

  • If the generation of certificates is successful, fetch the contents of the generated certificates to check for which resources certificates are generated by invoking the API

Note : The following will display the list of generated as well as already installed certificates.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/certificates' -i -X GET \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/domains/MGMT/certificates HTTP/1.1
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 8488

{
  "elements" : [ {
    "isInstalled" : true,
    "version" : "V3",
    "serialNumber" : "ca:0b:5d:6d:07:4e:db:41",
    "issuedTo" : "sfo-m01-vc01.rainpole.io",
    "issuedBy" : "OU=VMware Engineering, O=sfo-m01-psc01.rainpole.io, ST=California, C=US, DC=local, DC=vsphere, CN=CA",
    "notBefore" : "2019-07-11T10:16:05.000Z",
    "notAfter" : "2029-07-06T08:17:24.000Z",
    "signatureAlgorithm" : "SHA256withRSA",
    "subject" : "C=US, CN=sfo-m01-vc01.rainpole.io",
    "subjectAlternativeName" : [ "sfo-m01-vc01.rainpole.io" ],
    "publicKey" : "BA:16:16:DF:00:B2:88:C9:F9:E0:7F:72:B6:DC:83:1F:87:46:C3:C4:4B:8B:EB:C0:AD:B9:A2:FB:31:75:0A:89:12:25:58:B6:42:B1:78:A3:7F:19:B0:03:19:35:AD:51:5D:08:36:CB:C3:6E:63:B2:CE:89:2D:24:AD:EA:DD:BD:73:0A:06:84:4E:4D:83:AF:B8:EC:F9:E1:98:9F:35:9F:83:11:DD:71:61:5E:CF:DE:9A:BF:0D:A7:8A:64:F2:94:26:5D:A7:E0:20:B9:C2:01:BB:62:F2:7D:C3:A9:9B:91:DE:49:1E:97:B7:E8:CA:38:1C:E9:92:76:07:A8:26:95:5D:C1:89:E7:EA:27:03:57:BE:D2:76:B5:E4:AC:89:10:67:7F:42:DA:5D:52:5C:9F:65:59:A4:42:0B:81:F8:77:B5:F8:2D:18:DA:9B:1A:F4:BD:BD:F2:33:97:7A:EA:64:1B:CE:58:CF:9C:E7:18:60:94:CE:66:C9:57:7E:62:A2:AD:47:3D:29:D2:F8:DB:AB:D7:8F:D1:7D:8A:9A:FC:68:37:48:3C:AD:38:A5:76:D8:4C:E2:64:AE:87:B7:DA:78:3E:EB:2B:C8:70:43:4D:CB:4E:72:80:43:CB:D2:43:A7:71:16:22:27:0F:A1:DB:0A:83:88:2C:09:49:0A:35:8C:76:76:55:E2:3A:1C:7C:74:F0:91:60:A2:45:7F:6C:7A:2B:A5:51:87:25:D0:DB:9C:E0:B8:32:27:83:D6:3F:70:C5:7A:1B:92:09:E7:77:39:3A:C2:28:B1:5C:8A:3F:42:FE:D6:6A:7D:F6:E5:D6:FB:B0:DB:AB:D9:65:29:BE:75:DA:07:E8:38:B2:A0:75:9F:45:8E:FF:6B:AF:27:DB:FA:2E:AB:80:51:09:88:7D:7B:AC:A4:B7:15:41:30:A0:E1:0F:C7:DD:D1:F4:84:7D:D3:F8:B1:B0:F9:55:8F:A6:DC:44:E0:E6:0F:C5:DF:32:93:51:8D:7D:BA:79:4A:3E:72:CA:CB:9A:2E:8B:E6:A0:63:57:C8:CD:92:F8:70:0A:1E:6D:CA:DF:35:D4:91:45:E7:DB:7F:86:32:E9:8C:A3:D2:D0:35:15:70:A9:DA:39:DF:FA:76:9C:EF:5D:B6:A4:58:49:EE:A0:B1:74:33:D2:41:97:F6:FE:0C:07:66:DE:56:5F:3E:15:03:70:3D:56:80:5E:F6:CB:C3:FA:78:CE:14:0C:D7:E1:53:48:8B:5A:61:C0:04:BA:DD:ED:B3:E4:F1:76:AD:FD:03:27:C9:FB:EC:5A:75:0B:22:8F:6A:E8:35:47:FB:04:B7:A7:5F:51:FA:46:EF:00:64:03:27:1C:FB",
    "publicKeyAlgorithm" : "RSA",
    "keySize" : "2048",
    "thumbprintAlgorithm" : "SHA-256",
    "thumbprint" : "35:4B:A5:11:A9:3D:39:0D:B7:95:9B:4D:07:5C:73:40:D0:DF:63:D4:68:97:6E:1B:20:70:87:AE:40:3F:7E:AD",
    "numberOfDaysToExpire" : 3644,
    "expirationStatus" : "ACTIVE",
    "pemEncoded" : "-----BEGIN CERTIFICATE-----MIIFRDCCBCygAwIBAgIJAOx9cA2cGcUUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExIjAgBgNVBAoMGXBzYy0xLnZyYWNrLnZzcGhlcmUubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzAeFw0xODA3MDIxNDE1NTJaFw0yODA2MjcxMjIyMzlaMIGwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMQ8wDQYDVQQKEwZWTXdhcmUxGzAZBgNVBAsTElZNd2FyZSBFbmdpbmVlcmluZzEqMCgGA1UEAxMhbG9hZC1iYWxhbmNlci52cmFjay52c3BoZXJlLmxvY2FsMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6FhbfALKIyfngf3K23IMfh0bDxEuL68CtuaL7MXUKiRIlWLZCsXijfxmwAxk1rVFdCDbLw25jss6JLSSt6t29cwoGhE5Ng6+47PnhmJ81n4MR3XFhXs/emr8Np4pk8pQmXafgILnCAbti8n3DqZuR3kkel7foyjgc6ZJ2B6gmlV3BiefqJwNXvtJ2teSsiRBnf0LaXVJcn2VZpEILgfh3tfgtGNqbGvS9vfIzl3rqZBvOWM+c5xhglM5myVd+YqKtRz0p0vjbq9eP0X2KmvxoN0g8rTildthM4mSuh7faeD7rK8hwQ03LTnKAQ8vSQ6dxFiInD6HbCoOILAlJCjWMdnZV4jocfHTwkWCiRX9seiulUYcl0Nuc4LgyJ4PWP3DFehuSCed3OTrCKLFcij9C/tZqffbl1vuw26vZZSm+ddoH6DiyoHWfRY7/a68n2/ouq4BRCYh9e6yktxVBMKDhD8fd0fSEfdP4sbD5VY+m3ETg5g/F3zKTUY19unlKPnLKy5oui+agY1fIzZL4cAoebcrfNdSRRefbf4Yy6Yyj0tA1FXCp2jnf+nac7122pFhJ7qCxdDPSQZf2/gwHZt5WXz4VA3A9VoBe9svD+njOFAzX4VNIi1phwAS63e2z5PF2rf0DJ8n77Fp1CyKPaug1R/sEt6dfUfpG7wBkAycc+wIDAQABo28wbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAyBgNVHREEKzApgiFsb2FkLWJhbGFuY2VyLnZyYWNrLnZzcGhlcmUubG9jYWyHBAoAAA8wHwYDVR0jBBgwFoAUauWGErq+/JHwQ3qju9Ch8V2097MwDQYJKoZIhvcNAQELBQADggEBAMCvNCQ3KsvncoYK9fI0cfcBYEpFuToB+duK7yztklf8P6PLRSWdU39KaG+xv5768K+xe90riOYs0Mhcs0IuUQW2F6kCnlW3ff2R3pvTeM3kGqXclk4KGKRNnhhsF3Ze8QW3drH0dzD3vNcumdLr+GvG6vF2O/Pl3+Nn9dwE72ZVl7Ai970jJM5CVjI+wST19ZQPpq1E3aad3Bk+AQcQCIGputBGkHFZUGX4T6jPH0uDOcSRjH7v6TXhF2Cury7zme0zpWYwC4RMH/AxqK4z6DlmAwu2zycN097TMM/ZUXePmvgY7JSB5BIiY4ZxlnNbJy4756XDSBt41AaHxqWNcfs=-----END CERTIFICATE-----"
  }, {
    "isInstalled" : false,
    "version" : "V3",
    "serialNumber" : "f4:80:33:5f:e5:77:2a:f7",
    "issuedTo" : "sfo-m01-nsx01.rainpole.io",
    "issuedBy" : "OU=ISBU, O=VMware, L= Bangalore, ST=Karnataka, C=IN, CN=test1.openssl.eng.vmware.com",
    "notBefore" : "2019-07-25T07:38:55.000Z",
    "notAfter" : "2020-07-24T07:38:55.000Z",
    "signatureAlgorithm" : "SHA256withRSA",
    "subject" : "C=US, CN=sfo-m01-nsx01.rainpole.io",
    "subjectAlternativeName" : [ "sfo-m01-nsx01.rainpole.io" ],
    "publicKey" : "BA:16:16:DF:00:B2:88:C9:F9:E0:7F:72:B6:DC:83:1F:87:46:C3:C4:4B:8B:EB:C0:AD:B9:A2:FB:31:75:0A:89:12:25:58:B6:42:B1:78:A3:7F:19:B0:03:19:35:AD:51:5D:08:36:CB:C3:6E:63:B2:CE:89:2D:24:AD:EA:DD:BD:73:0A:06:84:4E:4D:83:AF:B8:EC:F9:E1:98:9F:35:9F:83:11:DD:71:61:5E:CF:DE:9A:BF:0D:A7:8A:64:F2:94:26:5D:A7:E0:20:B9:C2:01:BB:62:F2:7D:C3:A9:9B:91:DE:49:1E:97:B7:E8:CA:38:1C:E9:92:76:07:A8:26:95:5D:C1:89:E7:EA:27:03:57:BE:D2:76:B5:E4:AC:89:10:67:7F:42:DA:5D:52:5C:9F:65:59:A4:42:0B:81:F8:77:B5:F8:2D:18:DA:9B:1A:F4:BD:BD:F2:33:97:7A:EA:64:1B:CE:58:CF:9C:E7:18:60:94:CE:66:C9:57:7E:62:A2:AD:47:3D:29:D2:F8:DB:AB:D7:8F:D1:7D:8A:9A:FC:68:37:48:3C:AD:38:A5:76:D8:4C:E2:64:AE:87:B7:DA:78:3E:EB:2B:C8:70:43:4D:CB:4E:72:80:43:CB:D2:43:A7:71:16:22:27:0F:A1:DB:0A:83:88:2C:09:49:0A:35:8C:76:76:55:E2:3A:1C:7C:74:F0:91:60:A2:45:7F:6C:7A:2B:A5:51:87:25:D0:DB:9C:E0:B8:32:27:83:D6:3F:70:C5:7A:1B:92:09:E7:77:39:3A:C2:28:B1:5C:8A:3F:42:FE:D6:6A:7D:F6:E5:D6:FB:B0:DB:AB:D9:65:29:BE:75:DA:07:E8:38:B2:A0:75:9F:45:8E:FF:6B:AF:27:DB:FA:2E:AB:80:51:09:88:7D:7B:AC:A4:B7:15:41:30:A0:E1:0F:C7:DD:D1:F4:84:7D:D3:F8:B1:B0:F9:55:8F:A6:DC:44:E0:E6:0F:C5:DF:32:93:51:8D:7D:BA:79:4A:3E:72:CA:CB:9A:2E:8B:E6:A0:63:57:C8:CD:92:F8:70:0A:1E:6D:CA:DF:35:D4:91:45:E7:DB:7F:86:32:E9:8C:A3:D2:D0:35:15:70:A9:DA:39:DF:FA:76:9C:EF:5D:B6:A4:58:49:EE:A0:B1:74:33:D2:41:97:F6:FE:0C:07:66:DE:56:5F:3E:15:03:70:3D:56:80:5E:F6:CB:C3:FA:78:CE:14:0C:D7:E1:53:48:8B:5A:61:C0:04:BA:DD:ED:B3:E4:F1:76:AD:FD:03:27:C9:FB:EC:5A:75:0B:22:8F:6A:E8:35:47:FB:04:B7:A7:5F:51:FA:46:EF:00:64:03:27:1C:FB",
    "publicKeyAlgorithm" : "RSA",
    "keySize" : "2048",
    "thumbprintAlgorithm" : "SHA-256",
    "thumbprint" : "02:B1:D1:01:18:9F:07:39:E1:7C:94:BC:50:07:64:E8:45:8C:F8:73:3E:A9:23:BC:D2:BD:B1:17:E9:B3:C0:11",
    "numberOfDaysToExpire" : 365,
    "expirationStatus" : "ACTIVE",
    "pemEncoded" : "-----BEGIN CERTIFICATE-----MIIFRDCCBCygAwIBAgIJAOx9cA2cGcUUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExIjAgBgNVBAoMGXBzYy0xLnZyYWNrLnZzcGhlcmUubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzAeFw0xODA3MDIxNDE1NTJaFw0yODA2MjcxMjIyMzlaMIGwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMQ8wDQYDVQQKEwZWTXdhcmUxGzAZBgNVBAsTElZNd2FyZSBFbmdpbmVlcmluZzEqMCgGA1UEAxMhbG9hZC1iYWxhbmNlci52cmFjay52c3BoZXJlLmxvY2FsMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6FhbfALKIyfngf3K23IMfh0bDxEuL68CtuaL7MXUKiRIlWLZCsXijfxmwAxk1rVFdCDbLw25jss6JLSSt6t29cwoGhE5Ng6+47PnhmJ81n4MR3XFhXs/emr8Np4pk8pQmXafgILnCAbti8n3DqZuR3kkel7foyjgc6ZJ2B6gmlV3BiefqJwNXvtJ2teSsiRBnf0LaXVJcn2VZpEILgfh3tfgtGNqbGvS9vfIzl3rqZBvOWM+c5xhglM5myVd+YqKtRz0p0vjbq9eP0X2KmvxoN0g8rTildthM4mSuh7faeD7rK8hwQ03LTnKAQ8vSQ6dxFiInD6HbCoOILAlJCjWMdnZV4jocfHTwkWCiRX9seiulUYcl0Nuc4LgyJ4PWP3DFehuSCed3OTrCKLFcij9C/tZqffbl1vuw26vZZSm+ddoH6DiyoHWfRY7/a68n2/ouq4BRCYh9e6yktxVBMKDhD8fd0fSEfdP4sbD5VY+m3ETg5g/F3zKTUY19unlKPnLKy5oui+agY1fIzZL4cAoebcrfNdSRRefbf4Yy6Yyj0tA1FXCp2jnf+nac7122pFhJ7qCxdDPSQZf2/gwHZt5WXz4VA3A9VoBe9svD+njOFAzX4VNIi1phwAS63e2z5PF2rf0DJ8n77Fp1CyKPaug1R/sEt6dfUfpG7wBkAycc+wIDAQABo28wbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAyBgNVHREEKzApgiFsb2FkLWJhbGFuY2VyLnZyYWNrLnZzcGhlcmUubG9jYWyHBAoAAA8wHwYDVR0jBBgwFoAUauWGErq+/JHwQ3qju9Ch8V2097MwDQYJKoZIhvcNAQELBQADggEBAMCvNCQ3KsvncoYK9fI0cfcBYEpFuToB+duK7yztklf8P6PLRSWdU39KaG+xv5768K+xe90riOYs0Mhcs0IuUQW2F6kCnlW3ff2R3pvTeM3kGqXclk4KGKRNnhhsF3Ze8QW3drH0dzD3vNcumdLr+GvG6vF2O/Pl3+Nn9dwE72ZVl7Ai970jJM5CVjI+wST19ZQPpq1E3aad3Bk+AQcQCIGputBGkHFZUGX4T6jPH0uDOcSRjH7v6TXhF2Cury7zme0zpWYwC4RMH/AxqK4z6DlmAwu2zycN097TMM/ZUXePmvgY7JSB5BIiY4ZxlnNbJy4756XDSBt41AaHxqWNcfs=-----END CERTIFICATE-----"
  } ]
}

Tip : Refer to: Get latest generated certificate(s) in a domain API

  • After successful certificate generation, install the signed certificates on remote resources by invoking the API

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/certificates' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "operationType" : "INSTALL",
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER"
  } ]
}'

HTTP Request

PATCH /v1/domains/MGMT/certificates HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 129
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "operationType" : "INSTALL",
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER"
  } ]
}

HTTP Response

HTTP/1.1 202 Accepted
Location: /v1/tasks/26c32844-f23a-4aa0-aace-48081a875a72
Content-Type: application/json
Content-Length: 79

{
  "id" : "26c32844-f23a-4aa0-aace-48081a875a72",
  "status" : "IN_PROGRESS"
}

Tip : Refer to: Replace certificate(s) for the selected resource(s) in a domain API

  • Poll the status of the task using the task API with the ID from the response of the previous API.

Tip : Refer to: Get a Task.

  • Poll the task until "status" is not "IN_PROGRESS" with the ID from the previous response.

Tip : Refer to: Get a Task.

  • If the "status" is "SUCCESSFUL", the task is completed successfully.

  • If the "status" is "FAILED", the task can be re-executed.

Tip : Refer to: Retry a Task

  • Fetch the installed certificates by invoking the API

Note : The following will display the list of installed certificates.

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/resource-certificates' -i -X GET \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/domains/MGMT/resource-certificates HTTP/1.1
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 8435

{
  "elements" : [ {
    "version" : "V3",
    "serialNumber" : "ca:0b:5d:6d:07:4e:db:41",
    "issuedTo" : "sfo-m01-vc01.rainpole.io",
    "issuedBy" : "OU=VMware Engineering, O=sfo-m01-psc01.rainpole.io, ST=California, C=US, DC=local, DC=vsphere, CN=CA",
    "notBefore" : "2019-07-11T10:16:05.000Z",
    "notAfter" : "2029-07-06T08:17:24.000Z",
    "signatureAlgorithm" : "SHA256withRSA",
    "subject" : "C=US, CN=sfo-m01-vc01.rainpole.io",
    "subjectAlternativeName" : [ "sfo-m01-vc01.rainpole.io" ],
    "publicKey" : "BA:16:16:DF:00:B2:88:C9:F9:E0:7F:72:B6:DC:83:1F:87:46:C3:C4:4B:8B:EB:C0:AD:B9:A2:FB:31:75:0A:89:12:25:58:B6:42:B1:78:A3:7F:19:B0:03:19:35:AD:51:5D:08:36:CB:C3:6E:63:B2:CE:89:2D:24:AD:EA:DD:BD:73:0A:06:84:4E:4D:83:AF:B8:EC:F9:E1:98:9F:35:9F:83:11:DD:71:61:5E:CF:DE:9A:BF:0D:A7:8A:64:F2:94:26:5D:A7:E0:20:B9:C2:01:BB:62:F2:7D:C3:A9:9B:91:DE:49:1E:97:B7:E8:CA:38:1C:E9:92:76:07:A8:26:95:5D:C1:89:E7:EA:27:03:57:BE:D2:76:B5:E4:AC:89:10:67:7F:42:DA:5D:52:5C:9F:65:59:A4:42:0B:81:F8:77:B5:F8:2D:18:DA:9B:1A:F4:BD:BD:F2:33:97:7A:EA:64:1B:CE:58:CF:9C:E7:18:60:94:CE:66:C9:57:7E:62:A2:AD:47:3D:29:D2:F8:DB:AB:D7:8F:D1:7D:8A:9A:FC:68:37:48:3C:AD:38:A5:76:D8:4C:E2:64:AE:87:B7:DA:78:3E:EB:2B:C8:70:43:4D:CB:4E:72:80:43:CB:D2:43:A7:71:16:22:27:0F:A1:DB:0A:83:88:2C:09:49:0A:35:8C:76:76:55:E2:3A:1C:7C:74:F0:91:60:A2:45:7F:6C:7A:2B:A5:51:87:25:D0:DB:9C:E0:B8:32:27:83:D6:3F:70:C5:7A:1B:92:09:E7:77:39:3A:C2:28:B1:5C:8A:3F:42:FE:D6:6A:7D:F6:E5:D6:FB:B0:DB:AB:D9:65:29:BE:75:DA:07:E8:38:B2:A0:75:9F:45:8E:FF:6B:AF:27:DB:FA:2E:AB:80:51:09:88:7D:7B:AC:A4:B7:15:41:30:A0:E1:0F:C7:DD:D1:F4:84:7D:D3:F8:B1:B0:F9:55:8F:A6:DC:44:E0:E6:0F:C5:DF:32:93:51:8D:7D:BA:79:4A:3E:72:CA:CB:9A:2E:8B:E6:A0:63:57:C8:CD:92:F8:70:0A:1E:6D:CA:DF:35:D4:91:45:E7:DB:7F:86:32:E9:8C:A3:D2:D0:35:15:70:A9:DA:39:DF:FA:76:9C:EF:5D:B6:A4:58:49:EE:A0:B1:74:33:D2:41:97:F6:FE:0C:07:66:DE:56:5F:3E:15:03:70:3D:56:80:5E:F6:CB:C3:FA:78:CE:14:0C:D7:E1:53:48:8B:5A:61:C0:04:BA:DD:ED:B3:E4:F1:76:AD:FD:03:27:C9:FB:EC:5A:75:0B:22:8F:6A:E8:35:47:FB:04:B7:A7:5F:51:FA:46:EF:00:64:03:27:1C:FB",
    "publicKeyAlgorithm" : "RSA",
    "keySize" : "2048",
    "thumbprintAlgorithm" : "SHA-256",
    "thumbprint" : "35:4B:A5:11:A9:3D:39:0D:B7:95:9B:4D:07:5C:73:40:D0:DF:63:D4:68:97:6E:1B:20:70:87:AE:40:3F:7E:AD",
    "numberOfDaysToExpire" : 3644,
    "expirationStatus" : "ACTIVE",
    "pemEncoded" : "-----BEGIN CERTIFICATE-----MIIFRDCCBCygAwIBAgIJAOx9cA2cGcUUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExIjAgBgNVBAoMGXBzYy0xLnZyYWNrLnZzcGhlcmUubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzAeFw0xODA3MDIxNDE1NTJaFw0yODA2MjcxMjIyMzlaMIGwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMQ8wDQYDVQQKEwZWTXdhcmUxGzAZBgNVBAsTElZNd2FyZSBFbmdpbmVlcmluZzEqMCgGA1UEAxMhbG9hZC1iYWxhbmNlci52cmFjay52c3BoZXJlLmxvY2FsMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6FhbfALKIyfngf3K23IMfh0bDxEuL68CtuaL7MXUKiRIlWLZCsXijfxmwAxk1rVFdCDbLw25jss6JLSSt6t29cwoGhE5Ng6+47PnhmJ81n4MR3XFhXs/emr8Np4pk8pQmXafgILnCAbti8n3DqZuR3kkel7foyjgc6ZJ2B6gmlV3BiefqJwNXvtJ2teSsiRBnf0LaXVJcn2VZpEILgfh3tfgtGNqbGvS9vfIzl3rqZBvOWM+c5xhglM5myVd+YqKtRz0p0vjbq9eP0X2KmvxoN0g8rTildthM4mSuh7faeD7rK8hwQ03LTnKAQ8vSQ6dxFiInD6HbCoOILAlJCjWMdnZV4jocfHTwkWCiRX9seiulUYcl0Nuc4LgyJ4PWP3DFehuSCed3OTrCKLFcij9C/tZqffbl1vuw26vZZSm+ddoH6DiyoHWfRY7/a68n2/ouq4BRCYh9e6yktxVBMKDhD8fd0fSEfdP4sbD5VY+m3ETg5g/F3zKTUY19unlKPnLKy5oui+agY1fIzZL4cAoebcrfNdSRRefbf4Yy6Yyj0tA1FXCp2jnf+nac7122pFhJ7qCxdDPSQZf2/gwHZt5WXz4VA3A9VoBe9svD+njOFAzX4VNIi1phwAS63e2z5PF2rf0DJ8n77Fp1CyKPaug1R/sEt6dfUfpG7wBkAycc+wIDAQABo28wbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAyBgNVHREEKzApgiFsb2FkLWJhbGFuY2VyLnZyYWNrLnZzcGhlcmUubG9jYWyHBAoAAA8wHwYDVR0jBBgwFoAUauWGErq+/JHwQ3qju9Ch8V2097MwDQYJKoZIhvcNAQELBQADggEBAMCvNCQ3KsvncoYK9fI0cfcBYEpFuToB+duK7yztklf8P6PLRSWdU39KaG+xv5768K+xe90riOYs0Mhcs0IuUQW2F6kCnlW3ff2R3pvTeM3kGqXclk4KGKRNnhhsF3Ze8QW3drH0dzD3vNcumdLr+GvG6vF2O/Pl3+Nn9dwE72ZVl7Ai970jJM5CVjI+wST19ZQPpq1E3aad3Bk+AQcQCIGputBGkHFZUGX4T6jPH0uDOcSRjH7v6TXhF2Cury7zme0zpWYwC4RMH/AxqK4z6DlmAwu2zycN097TMM/ZUXePmvgY7JSB5BIiY4ZxlnNbJy4756XDSBt41AaHxqWNcfs=-----END CERTIFICATE-----"
  }, {
    "version" : "V3",
    "serialNumber" : "f4:80:33:5f:e5:77:2a:f7",
    "issuedTo" : "sfo-m01-nsx01.rainpole.io",
    "issuedBy" : "OU=ISBU, O=VMware, L= Bangalore, ST=Karnataka, C=IN, CN=test1.openssl.eng.vmware.com",
    "notBefore" : "2019-07-25T07:38:55.000Z",
    "notAfter" : "2020-07-24T07:38:55.000Z",
    "signatureAlgorithm" : "SHA256withRSA",
    "subject" : "C=US, CN=sfo-m01-nsx01.rainpole.io",
    "subjectAlternativeName" : [ "sfo-m01-nsx01.rainpole.io" ],
    "publicKey" : "BA:16:16:DF:00:B2:88:C9:F9:E0:7F:72:B6:DC:83:1F:87:46:C3:C4:4B:8B:EB:C0:AD:B9:A2:FB:31:75:0A:89:12:25:58:B6:42:B1:78:A3:7F:19:B0:03:19:35:AD:51:5D:08:36:CB:C3:6E:63:B2:CE:89:2D:24:AD:EA:DD:BD:73:0A:06:84:4E:4D:83:AF:B8:EC:F9:E1:98:9F:35:9F:83:11:DD:71:61:5E:CF:DE:9A:BF:0D:A7:8A:64:F2:94:26:5D:A7:E0:20:B9:C2:01:BB:62:F2:7D:C3:A9:9B:91:DE:49:1E:97:B7:E8:CA:38:1C:E9:92:76:07:A8:26:95:5D:C1:89:E7:EA:27:03:57:BE:D2:76:B5:E4:AC:89:10:67:7F:42:DA:5D:52:5C:9F:65:59:A4:42:0B:81:F8:77:B5:F8:2D:18:DA:9B:1A:F4:BD:BD:F2:33:97:7A:EA:64:1B:CE:58:CF:9C:E7:18:60:94:CE:66:C9:57:7E:62:A2:AD:47:3D:29:D2:F8:DB:AB:D7:8F:D1:7D:8A:9A:FC:68:37:48:3C:AD:38:A5:76:D8:4C:E2:64:AE:87:B7:DA:78:3E:EB:2B:C8:70:43:4D:CB:4E:72:80:43:CB:D2:43:A7:71:16:22:27:0F:A1:DB:0A:83:88:2C:09:49:0A:35:8C:76:76:55:E2:3A:1C:7C:74:F0:91:60:A2:45:7F:6C:7A:2B:A5:51:87:25:D0:DB:9C:E0:B8:32:27:83:D6:3F:70:C5:7A:1B:92:09:E7:77:39:3A:C2:28:B1:5C:8A:3F:42:FE:D6:6A:7D:F6:E5:D6:FB:B0:DB:AB:D9:65:29:BE:75:DA:07:E8:38:B2:A0:75:9F:45:8E:FF:6B:AF:27:DB:FA:2E:AB:80:51:09:88:7D:7B:AC:A4:B7:15:41:30:A0:E1:0F:C7:DD:D1:F4:84:7D:D3:F8:B1:B0:F9:55:8F:A6:DC:44:E0:E6:0F:C5:DF:32:93:51:8D:7D:BA:79:4A:3E:72:CA:CB:9A:2E:8B:E6:A0:63:57:C8:CD:92:F8:70:0A:1E:6D:CA:DF:35:D4:91:45:E7:DB:7F:86:32:E9:8C:A3:D2:D0:35:15:70:A9:DA:39:DF:FA:76:9C:EF:5D:B6:A4:58:49:EE:A0:B1:74:33:D2:41:97:F6:FE:0C:07:66:DE:56:5F:3E:15:03:70:3D:56:80:5E:F6:CB:C3:FA:78:CE:14:0C:D7:E1:53:48:8B:5A:61:C0:04:BA:DD:ED:B3:E4:F1:76:AD:FD:03:27:C9:FB:EC:5A:75:0B:22:8F:6A:E8:35:47:FB:04:B7:A7:5F:51:FA:46:EF:00:64:03:27:1C:FB",
    "publicKeyAlgorithm" : "RSA",
    "keySize" : "2048",
    "thumbprintAlgorithm" : "SHA-256",
    "thumbprint" : "02:B1:D1:01:18:9F:07:39:E1:7C:94:BC:50:07:64:E8:45:8C:F8:73:3E:A9:23:BC:D2:BD:B1:17:E9:B3:C0:11",
    "numberOfDaysToExpire" : 365,
    "expirationStatus" : "ACTIVE",
    "pemEncoded" : "-----BEGIN CERTIFICATE-----MIIFRDCCBCygAwIBAgIJAOx9cA2cGcUUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExIjAgBgNVBAoMGXBzYy0xLnZyYWNrLnZzcGhlcmUubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzAeFw0xODA3MDIxNDE1NTJaFw0yODA2MjcxMjIyMzlaMIGwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMQ8wDQYDVQQKEwZWTXdhcmUxGzAZBgNVBAsTElZNd2FyZSBFbmdpbmVlcmluZzEqMCgGA1UEAxMhbG9hZC1iYWxhbmNlci52cmFjay52c3BoZXJlLmxvY2FsMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6FhbfALKIyfngf3K23IMfh0bDxEuL68CtuaL7MXUKiRIlWLZCsXijfxmwAxk1rVFdCDbLw25jss6JLSSt6t29cwoGhE5Ng6+47PnhmJ81n4MR3XFhXs/emr8Np4pk8pQmXafgILnCAbti8n3DqZuR3kkel7foyjgc6ZJ2B6gmlV3BiefqJwNXvtJ2teSsiRBnf0LaXVJcn2VZpEILgfh3tfgtGNqbGvS9vfIzl3rqZBvOWM+c5xhglM5myVd+YqKtRz0p0vjbq9eP0X2KmvxoN0g8rTildthM4mSuh7faeD7rK8hwQ03LTnKAQ8vSQ6dxFiInD6HbCoOILAlJCjWMdnZV4jocfHTwkWCiRX9seiulUYcl0Nuc4LgyJ4PWP3DFehuSCed3OTrCKLFcij9C/tZqffbl1vuw26vZZSm+ddoH6DiyoHWfRY7/a68n2/ouq4BRCYh9e6yktxVBMKDhD8fd0fSEfdP4sbD5VY+m3ETg5g/F3zKTUY19unlKPnLKy5oui+agY1fIzZL4cAoebcrfNdSRRefbf4Yy6Yyj0tA1FXCp2jnf+nac7122pFhJ7qCxdDPSQZf2/gwHZt5WXz4VA3A9VoBe9svD+njOFAzX4VNIi1phwAS63e2z5PF2rf0DJ8n77Fp1CyKPaug1R/sEt6dfUfpG7wBkAycc+wIDAQABo28wbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAyBgNVHREEKzApgiFsb2FkLWJhbGFuY2VyLnZyYWNrLnZzcGhlcmUubG9jYWyHBAoAAA8wHwYDVR0jBBgwFoAUauWGErq+/JHwQ3qju9Ch8V2097MwDQYJKoZIhvcNAQELBQADggEBAMCvNCQ3KsvncoYK9fI0cfcBYEpFuToB+duK7yztklf8P6PLRSWdU39KaG+xv5768K+xe90riOYs0Mhcs0IuUQW2F6kCnlW3ff2R3pvTeM3kGqXclk4KGKRNnhhsF3Ze8QW3drH0dzD3vNcumdLr+GvG6vF2O/Pl3+Nn9dwE72ZVl7Ai970jJM5CVjI+wST19ZQPpq1E3aad3Bk+AQcQCIGputBGkHFZUGX4T6jPH0uDOcSRjH7v6TXhF2Cury7zme0zpWYwC4RMH/AxqK4z6DlmAwu2zycN097TMM/ZUXePmvgY7JSB5BIiY4ZxlnNbJy4756XDSBt41AaHxqWNcfs=-----END CERTIFICATE-----"
  } ]
}

Tip : Refer to: View certificate of all the resources in a domain API

Warning : Certificate installation will replace the already installed certificates.

Note : The CSRs cannot be fetched after successful certificate installation.

Note : Only singleton object of a particular certificate authority will exist at any point of time in the VCF environment.

Note : Only the latest generated CSRs will exist in the VCF environment after a series of generate CSR operation.

Note : Only the latest generated certificates will exist in the VCF environment after a series of generate certificate operation.

2. Install Certificates By Offline Mode

The following steps have to be followed to install certificates signed by external third party certificate authorities.

2.1. Prerequisites

  • VCF environment.

2.2. Steps

  • Generate CSR by invoking the API

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/csrs' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "csrGenerationSpec" : {
    "country" : "IN",
    "state" : "Karnataka",
    "locality" : "Bengaluru",
    "organization" : "VMware",
    "organizationUnit" : "ISBU",
    "email" : "[email protected]",
    "keySize" : "2048",
    "keyAlgorithm" : "RSA"
  },
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER",
    "sans" : [ "sfo-m01-nsx01.rainpole.io", "10.0.0.6" ]
  } ]
}'

HTTP Request

PUT /v1/domains/MGMT/csrs HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 415
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "csrGenerationSpec" : {
    "country" : "IN",
    "state" : "Karnataka",
    "locality" : "Bengaluru",
    "organization" : "VMware",
    "organizationUnit" : "ISBU",
    "email" : "[email protected]",
    "keySize" : "2048",
    "keyAlgorithm" : "RSA"
  },
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER",
    "sans" : [ "sfo-m01-nsx01.rainpole.io", "10.0.0.6" ]
  } ]
}

HTTP Response

HTTP/1.1 202 Accepted
Location: /v1/tasks/cd1b7198-be22-4a2f-b3df-b632e0e34e37
Content-Type: application/json
Content-Length: 79

{
  "id" : "cd1b7198-be22-4a2f-b3df-b632e0e34e37",
  "status" : "IN_PROGRESS"
}

Tip : Refer to: Generate CSR(s) API

  • Poll the status of the task using the task API with the ID from the response of the previous API.

Tip : Refer to: Get a Task

  • Poll the task until "status" is not "IN_PROGRESS" with the ID from the previous response.

Tip : Refer to: Get a Task.

  • If the "status" is "SUCCESSFUL", the task is completed successfully.

  • If the "status" is "FAILED", execute the generate CSR request again.

  • If the generation of CSR is successful, fetch the contents of the CSR to check for which resources CSR is generated by invoking the API

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/csrs' -i -X GET \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/domains/MGMT/csrs HTTP/1.1
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1154

{
  "elements" : [ {
    "csrEncodedContent" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICtDCCAZwCAQAwbzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH\nEwJQQTEMMAoGA1UECxMDVkNGMQ8wDQYDVQQKEwZWTXdhcmUxJzAlBgNVBAMTHm5z\neE1hbmFnZXIudnJhY2sudnNwaGVyZS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAKtumknTB1do77E5rCXGRgqT6iqTgW0moiDZS6USGkeTQMvj\nR5JnQjq11xJl0y1meSdA6ufft8xndOr1b8alRs4+FreuJLl/8HBIVLRECrfkfIn0\nImwZzGFih2wwrCD/evb/7paNcdt97+KF2nwqB5ADysyFkjYs0uiJxxE5i8HsST1L\n+AStKeAV0lOk/2n/qgHPUcnjH7KchJAet9DFuKBWUW7QIryQffuiQrdAFqcEPHJC\nubHyqnoBPktosD3SXs1UickNiTyXIRC1NGHK/w7VTTJfBxkXxIdejazVGjCAW8w0\n/N4iW3rCaxSpnggWLGYFbGEkhikgtkpj8zIRjk8CAwEAAaAAMA0GCSqGSIb3DQEB\nCwUAA4IBAQBkxJTuymqggHLhWbtnvtA3mU4freKzF2XDUUP+K5kz43j2IXNbsCJI\nWDpY9OCVj9NHZ+uFTvQLvCb3E+6h0vE4Dw2PVUuOpz/Ag1qmgYIxtC5vzN4gLKih\nUNROG5wYryYKO8YL4MB3XIQdx9b8y8Fxyh3ZHIvdghhUPBooWzeCUXVPD8Le4p52\nD8yMGREtSQL4avLughd+SFd0fvKQq+/K42WOFn7PYVfgLBqdW1YCjEIfAdsG+bhG\n3CIBan84uV3cKFSM4NtxCvHZnuRZmx6+0Frtt1w9sndjKvHrA6ozoHO9O1gl/E9D\nY1rzOB7KFzGiZHAMT2Cf/x/xGo8rTGFZ\n-----END CERTIFICATE REQUEST-----",
    "resource" : {
      "fqdn" : "sfo-m01-nsx01.rainpole.io"
    }
  } ]
}

Tip : Refer to: Get available CSR(s) in json format API

  • After successful CSR generation, download CSR in ".tar.gz" format by invoking the API

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/csrs/downloads' -i -X GET \
    -H 'Accept: application/octet-stream' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/domains/MGMT/csrs/downloads HTTP/1.1
Accept: application/octet-stream
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1012
Content-Disposition: attachment; filename="csrString.txt"
Accept-Ranges: bytes

-----BEGIN CERTIFICATE REQUEST-----
MIICtDCCAZwCAQAwbzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH
EwJQQTEMMAoGA1UECxMDVkNGMQ8wDQYDVQQKEwZWTXdhcmUxJzAlBgNVBAMTHm5z
eE1hbmFnZXIudnJhY2sudnNwaGVyZS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKtumknTB1do77E5rCXGRgqT6iqTgW0moiDZS6USGkeTQMvj
R5JnQjq11xJl0y1meSdA6ufft8xndOr1b8alRs4+FreuJLl/8HBIVLRECrfkfIn0
ImwZzGFih2wwrCD/evb/7paNcdt97+KF2nwqB5ADysyFkjYs0uiJxxE5i8HsST1L
+AStKeAV0lOk/2n/qgHPUcnjH7KchJAet9DFuKBWUW7QIryQffuiQrdAFqcEPHJC
ubHyqnoBPktosD3SXs1UickNiTyXIRC1NGHK/w7VTTJfBxkXxIdejazVGjCAW8w0
/N4iW3rCaxSpnggWLGYFbGEkhikgtkpj8zIRjk8CAwEAAaAAMA0GCSqGSIb3DQEB
CwUAA4IBAQBkxJTuymqggHLhWbtnvtA3mU4freKzF2XDUUP+K5kz43j2IXNbsCJI
WDpY9OCVj9NHZ+uFTvQLvCb3E+6h0vE4Dw2PVUuOpz/Ag1qmgYIxtC5vzN4gLKih
UNROG5wYryYKO8YL4MB3XIQdx9b8y8Fxyh3ZHIvdghhUPBooWzeCUXVPD8Le4p52
D8yMGREtSQL4avLughd+SFd0fvKQq+/K42WOFn7PYVfgLBqdW1YCjEIfAdsG+bhG
3CIBan84uV3cKFSM4NtxCvHZnuRZmx6+0Frtt1w9sndjKvHrA6ozoHO9O1gl/E9D
Y1rzOB7KFzGiZHAMT2Cf/x/xGo8rTGFZ
-----END CERTIFICATE REQUEST-----

Tip : Refer to: Download available CSR(s) in tar.gz format API

  • Use the downloaded CSRs to have it manually signed by external certificate authorities.

  • Verify that the certificate authority configuration files have been configured and packaged in the form of

    a ".tar.gz" file with the following conditions

    • The name of the top-level directory must exactly match the name of the domain to which certificates are to be installed.

    • The PEM-encoded root CA certificate chain file (rootca.crt) must reside inside this top-level directory.

    • This directory must contain one sub-directory for each component resource and the name of each sub-directory must exactly match the resource fqdn.

    • Each sub-directory must contain a corresponding ".csr" file, whose name must exactly match the

      resource fqdn followed by ".csr" extension.

    • Each sub-directory must contain a corresponding ".crt" file, whose name must exactly match the

      resource fqdn followed by ".crt" extension.

  • Upload the packaged signed certificates by invoking the API

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/certificates/uploads' -i -X PUT \
    -H 'Content-Type: multipart/form-data' \
    -H 'Authorization: Bearer etYWRta....' \
    -F '[email protected];type=multipart/form-data'

HTTP Request

PUT /v1/domains/MGMT/certificates/uploads HTTP/1.1
Content-Type: multipart/form-data; boundary=6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Content-Disposition: form-data; name=file; filename=MGMT.tar.gz
Content-Type: multipart/form-data

-----BEGIN CERTIFICATE-----
MIIC2zCCAcMCAQAwgZUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRIwEAYDVQQHEwlQYWxvIEFsdG8xHjAcBgNVBAsTFVZNd2FyZSBJVCAgZGVwYXJ0
bWVudDEUMBIGA1UEChMLVk1XYXJlIEluYy4xJzAlBgNVBAMTHm5zeE1hbmFnZXIu
dnJhY2sudnNwaGVyZS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPgggMHrSsbcC9JYjGQCDiSTsG0LPGjMcTKgEaUi6zcVKWAv7ccpvW7cwFtc
2FqtM4zlETOK0tHZmS17uUg/tsJSWq+nr2VQ541XifvZOVINcIlKnzGJO32d4qxO
3xY3lr8Pj7xZe0xZK3iP+TBiUdtHggSYJ6uWYHoZAJ74Jqp4pVdwQgjm1sINldYm
e1x+txQINQB7MFG2tflQ7iXRaiLGZKXR86xDvw/T1OcPPjtSnwFjYfeHtE2KjuT9
RiCXl4cUuH+pjQTsWSSByK0LyC8U9/tqDGnMiERxBl1g9rBKQMOoZmTCF3gr7hhx
PZ16JlYqU9hbAjPxVkGO0NkI9PsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAq
vqrtJ4nQepjbwOmJor2ZHOUaoqwImE3OJaa6PxaikD1c14maMXJ4XQm+ONJooCPx
CL6TVs2DSydxVzRFHj5dyAz7MJ8XIkqijvarxb+gLjhim4+O+MuS7hHaCnVU9KMg
i3QhWFc1SwDuhiHL3RXbf04gOzrbEhIPa9rBKQMOoZmTCF3gr7JiuSqBvKtG3cus
3DjxA1z9CGUgIrYBlOm2/xPDp91AIMGeP9YXh8ue/NVPZ+tlZOCgKGiS05CTK5Wr
cHaC7yQqIyZdKP9EQhv3yhxL4ho9e1xL9f4puv3CBE5VmCb8LZ/5CRIKOHEsIV70
XGKY78p5LoKf4ro2LLQ+
-----END CERTIFICATE-----
--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm--

HTTP Response

HTTP/1.1 200 OK

Tip : Refer to: Upload certificates to the certificate store API

  • After successful upload operation, install the signed certificates on remote resources by invoking the API

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/certificates' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....' \
    -d '{
  "operationType" : "INSTALL",
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER"
  } ]
}'

HTTP Request

PATCH /v1/domains/MGMT/certificates HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 129
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

{
  "operationType" : "INSTALL",
  "resources" : [ {
    "fqdn" : "sfo-m01-nsx01.rainpole.io",
    "type" : "NSX_MANAGER"
  } ]
}

HTTP Response

HTTP/1.1 202 Accepted
Location: /v1/tasks/26c32844-f23a-4aa0-aace-48081a875a72
Content-Type: application/json
Content-Length: 79

{
  "id" : "26c32844-f23a-4aa0-aace-48081a875a72",
  "status" : "IN_PROGRESS"
}

Tip : Refer to: Replace certificate(s) for the selected resource(s) in a domain API

  • Poll the status of the task using the task API with the ID from the response of the previous API.

Tip : Refer to: Get a Task

  • Poll the task until "status" is not "IN_PROGRESS" with the ID from the previous response.

Tip : Refer to: Get a Task.

  • If the "status" is "SUCCESSFUL", the task is completed successfully.

  • If the "status" is "FAILED", the task can be re-executed.

Tip : Refer to: Retry a Task

  • Fetch the installed certificates by invoking the API

cURL Request

$ curl 'https://sfo-vcf01.rainpole.io/v1/domains/MGMT/resource-certificates' -i -X GET \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer etYWRta....'

HTTP Request

GET /v1/domains/MGMT/resource-certificates HTTP/1.1
Accept: application/json
Host: sfo-vcf01.rainpole.io
Authorization: Bearer etYWRta....

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 8435

{
  "elements" : [ {
    "version" : "V3",
    "serialNumber" : "ca:0b:5d:6d:07:4e:db:41",
    "issuedTo" : "sfo-m01-vc01.rainpole.io",
    "issuedBy" : "OU=VMware Engineering, O=sfo-m01-psc01.rainpole.io, ST=California, C=US, DC=local, DC=vsphere, CN=CA",
    "notBefore" : "2019-07-11T10:16:05.000Z",
    "notAfter" : "2029-07-06T08:17:24.000Z",
    "signatureAlgorithm" : "SHA256withRSA",
    "subject" : "C=US, CN=sfo-m01-vc01.rainpole.io",
    "subjectAlternativeName" : [ "sfo-m01-vc01.rainpole.io" ],
    "publicKey" : "BA:16:16:DF:00:B2:88:C9:F9:E0:7F:72:B6:DC:83:1F:87:46:C3:C4:4B:8B:EB:C0:AD:B9:A2:FB:31:75:0A:89:12:25:58:B6:42:B1:78:A3:7F:19:B0:03:19:35:AD:51:5D:08:36:CB:C3:6E:63:B2:CE:89:2D:24:AD:EA:DD:BD:73:0A:06:84:4E:4D:83:AF:B8:EC:F9:E1:98:9F:35:9F:83:11:DD:71:61:5E:CF:DE:9A:BF:0D:A7:8A:64:F2:94:26:5D:A7:E0:20:B9:C2:01:BB:62:F2:7D:C3:A9:9B:91:DE:49:1E:97:B7:E8:CA:38:1C:E9:92:76:07:A8:26:95:5D:C1:89:E7:EA:27:03:57:BE:D2:76:B5:E4:AC:89:10:67:7F:42:DA:5D:52:5C:9F:65:59:A4:42:0B:81:F8:77:B5:F8:2D:18:DA:9B:1A:F4:BD:BD:F2:33:97:7A:EA:64:1B:CE:58:CF:9C:E7:18:60:94:CE:66:C9:57:7E:62:A2:AD:47:3D:29:D2:F8:DB:AB:D7:8F:D1:7D:8A:9A:FC:68:37:48:3C:AD:38:A5:76:D8:4C:E2:64:AE:87:B7:DA:78:3E:EB:2B:C8:70:43:4D:CB:4E:72:80:43:CB:D2:43:A7:71:16:22:27:0F:A1:DB:0A:83:88:2C:09:49:0A:35:8C:76:76:55:E2:3A:1C:7C:74:F0:91:60:A2:45:7F:6C:7A:2B:A5:51:87:25:D0:DB:9C:E0:B8:32:27:83:D6:3F:70:C5:7A:1B:92:09:E7:77:39:3A:C2:28:B1:5C:8A:3F:42:FE:D6:6A:7D:F6:E5:D6:FB:B0:DB:AB:D9:65:29:BE:75:DA:07:E8:38:B2:A0:75:9F:45:8E:FF:6B:AF:27:DB:FA:2E:AB:80:51:09:88:7D:7B:AC:A4:B7:15:41:30:A0:E1:0F:C7:DD:D1:F4:84:7D:D3:F8:B1:B0:F9:55:8F:A6:DC:44:E0:E6:0F:C5:DF:32:93:51:8D:7D:BA:79:4A:3E:72:CA:CB:9A:2E:8B:E6:A0:63:57:C8:CD:92:F8:70:0A:1E:6D:CA:DF:35:D4:91:45:E7:DB:7F:86:32:E9:8C:A3:D2:D0:35:15:70:A9:DA:39:DF:FA:76:9C:EF:5D:B6:A4:58:49:EE:A0:B1:74:33:D2:41:97:F6:FE:0C:07:66:DE:56:5F:3E:15:03:70:3D:56:80:5E:F6:CB:C3:FA:78:CE:14:0C:D7:E1:53:48:8B:5A:61:C0:04:BA:DD:ED:B3:E4:F1:76:AD:FD:03:27:C9:FB:EC:5A:75:0B:22:8F:6A:E8:35:47:FB:04:B7:A7:5F:51:FA:46:EF:00:64:03:27:1C:FB",
    "publicKeyAlgorithm" : "RSA",
    "keySize" : "2048",
    "thumbprintAlgorithm" : "SHA-256",
    "thumbprint" : "35:4B:A5:11:A9:3D:39:0D:B7:95:9B:4D:07:5C:73:40:D0:DF:63:D4:68:97:6E:1B:20:70:87:AE:40:3F:7E:AD",
    "numberOfDaysToExpire" : 3644,
    "expirationStatus" : "ACTIVE",
    "pemEncoded" : "-----BEGIN CERTIFICATE-----MIIFRDCCBCygAwIBAgIJAOx9cA2cGcUUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExIjAgBgNVBAoMGXBzYy0xLnZyYWNrLnZzcGhlcmUubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzAeFw0xODA3MDIxNDE1NTJaFw0yODA2MjcxMjIyMzlaMIGwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMQ8wDQYDVQQKEwZWTXdhcmUxGzAZBgNVBAsTElZNd2FyZSBFbmdpbmVlcmluZzEqMCgGA1UEAxMhbG9hZC1iYWxhbmNlci52cmFjay52c3BoZXJlLmxvY2FsMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6FhbfALKIyfngf3K23IMfh0bDxEuL68CtuaL7MXUKiRIlWLZCsXijfxmwAxk1rVFdCDbLw25jss6JLSSt6t29cwoGhE5Ng6+47PnhmJ81n4MR3XFhXs/emr8Np4pk8pQmXafgILnCAbti8n3DqZuR3kkel7foyjgc6ZJ2B6gmlV3BiefqJwNXvtJ2teSsiRBnf0LaXVJcn2VZpEILgfh3tfgtGNqbGvS9vfIzl3rqZBvOWM+c5xhglM5myVd+YqKtRz0p0vjbq9eP0X2KmvxoN0g8rTildthM4mSuh7faeD7rK8hwQ03LTnKAQ8vSQ6dxFiInD6HbCoOILAlJCjWMdnZV4jocfHTwkWCiRX9seiulUYcl0Nuc4LgyJ4PWP3DFehuSCed3OTrCKLFcij9C/tZqffbl1vuw26vZZSm+ddoH6DiyoHWfRY7/a68n2/ouq4BRCYh9e6yktxVBMKDhD8fd0fSEfdP4sbD5VY+m3ETg5g/F3zKTUY19unlKPnLKy5oui+agY1fIzZL4cAoebcrfNdSRRefbf4Yy6Yyj0tA1FXCp2jnf+nac7122pFhJ7qCxdDPSQZf2/gwHZt5WXz4VA3A9VoBe9svD+njOFAzX4VNIi1phwAS63e2z5PF2rf0DJ8n77Fp1CyKPaug1R/sEt6dfUfpG7wBkAycc+wIDAQABo28wbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAyBgNVHREEKzApgiFsb2FkLWJhbGFuY2VyLnZyYWNrLnZzcGhlcmUubG9jYWyHBAoAAA8wHwYDVR0jBBgwFoAUauWGErq+/JHwQ3qju9Ch8V2097MwDQYJKoZIhvcNAQELBQADggEBAMCvNCQ3KsvncoYK9fI0cfcBYEpFuToB+duK7yztklf8P6PLRSWdU39KaG+xv5768K+xe90riOYs0Mhcs0IuUQW2F6kCnlW3ff2R3pvTeM3kGqXclk4KGKRNnhhsF3Ze8QW3drH0dzD3vNcumdLr+GvG6vF2O/Pl3+Nn9dwE72ZVl7Ai970jJM5CVjI+wST19ZQPpq1E3aad3Bk+AQcQCIGputBGkHFZUGX4T6jPH0uDOcSRjH7v6TXhF2Cury7zme0zpWYwC4RMH/AxqK4z6DlmAwu2zycN097TMM/ZUXePmvgY7JSB5BIiY4ZxlnNbJy4756XDSBt41AaHxqWNcfs=-----END CERTIFICATE-----"
  }, {
    "version" : "V3",
    "serialNumber" : "f4:80:33:5f:e5:77:2a:f7",
    "issuedTo" : "sfo-m01-nsx01.rainpole.io",
    "issuedBy" : "OU=ISBU, O=VMware, L= Bangalore, ST=Karnataka, C=IN, CN=test1.openssl.eng.vmware.com",
    "notBefore" : "2019-07-25T07:38:55.000Z",
    "notAfter" : "2020-07-24T07:38:55.000Z",
    "signatureAlgorithm" : "SHA256withRSA",
    "subject" : "C=US, CN=sfo-m01-nsx01.rainpole.io",
    "subjectAlternativeName" : [ "sfo-m01-nsx01.rainpole.io" ],
    "publicKey" : "BA:16:16:DF:00:B2:88:C9:F9:E0:7F:72:B6:DC:83:1F:87:46:C3:C4:4B:8B:EB:C0:AD:B9:A2:FB:31:75:0A:89:12:25:58:B6:42:B1:78:A3:7F:19:B0:03:19:35:AD:51:5D:08:36:CB:C3:6E:63:B2:CE:89:2D:24:AD:EA:DD:BD:73:0A:06:84:4E:4D:83:AF:B8:EC:F9:E1:98:9F:35:9F:83:11:DD:71:61:5E:CF:DE:9A:BF:0D:A7:8A:64:F2:94:26:5D:A7:E0:20:B9:C2:01:BB:62:F2:7D:C3:A9:9B:91:DE:49:1E:97:B7:E8:CA:38:1C:E9:92:76:07:A8:26:95:5D:C1:89:E7:EA:27:03:57:BE:D2:76:B5:E4:AC:89:10:67:7F:42:DA:5D:52:5C:9F:65:59:A4:42:0B:81:F8:77:B5:F8:2D:18:DA:9B:1A:F4:BD:BD:F2:33:97:7A:EA:64:1B:CE:58:CF:9C:E7:18:60:94:CE:66:C9:57:7E:62:A2:AD:47:3D:29:D2:F8:DB:AB:D7:8F:D1:7D:8A:9A:FC:68:37:48:3C:AD:38:A5:76:D8:4C:E2:64:AE:87:B7:DA:78:3E:EB:2B:C8:70:43:4D:CB:4E:72:80:43:CB:D2:43:A7:71:16:22:27:0F:A1:DB:0A:83:88:2C:09:49:0A:35:8C:76:76:55:E2:3A:1C:7C:74:F0:91:60:A2:45:7F:6C:7A:2B:A5:51:87:25:D0:DB:9C:E0:B8:32:27:83:D6:3F:70:C5:7A:1B:92:09:E7:77:39:3A:C2:28:B1:5C:8A:3F:42:FE:D6:6A:7D:F6:E5:D6:FB:B0:DB:AB:D9:65:29:BE:75:DA:07:E8:38:B2:A0:75:9F:45:8E:FF:6B:AF:27:DB:FA:2E:AB:80:51:09:88:7D:7B:AC:A4:B7:15:41:30:A0:E1:0F:C7:DD:D1:F4:84:7D:D3:F8:B1:B0:F9:55:8F:A6:DC:44:E0:E6:0F:C5:DF:32:93:51:8D:7D:BA:79:4A:3E:72:CA:CB:9A:2E:8B:E6:A0:63:57:C8:CD:92:F8:70:0A:1E:6D:CA:DF:35:D4:91:45:E7:DB:7F:86:32:E9:8C:A3:D2:D0:35:15:70:A9:DA:39:DF:FA:76:9C:EF:5D:B6:A4:58:49:EE:A0:B1:74:33:D2:41:97:F6:FE:0C:07:66:DE:56:5F:3E:15:03:70:3D:56:80:5E:F6:CB:C3:FA:78:CE:14:0C:D7:E1:53:48:8B:5A:61:C0:04:BA:DD:ED:B3:E4:F1:76:AD:FD:03:27:C9:FB:EC:5A:75:0B:22:8F:6A:E8:35:47:FB:04:B7:A7:5F:51:FA:46:EF:00:64:03:27:1C:FB",
    "publicKeyAlgorithm" : "RSA",
    "keySize" : "2048",
    "thumbprintAlgorithm" : "SHA-256",
    "thumbprint" : "02:B1:D1:01:18:9F:07:39:E1:7C:94:BC:50:07:64:E8:45:8C:F8:73:3E:A9:23:BC:D2:BD:B1:17:E9:B3:C0:11",
    "numberOfDaysToExpire" : 365,
    "expirationStatus" : "ACTIVE",
    "pemEncoded" : "-----BEGIN CERTIFICATE-----MIIFRDCCBCygAwIBAgIJAOx9cA2cGcUUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExIjAgBgNVBAoMGXBzYy0xLnZyYWNrLnZzcGhlcmUubG9jYWwxGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzAeFw0xODA3MDIxNDE1NTJaFw0yODA2MjcxMjIyMzlaMIGwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMQ8wDQYDVQQKEwZWTXdhcmUxGzAZBgNVBAsTElZNd2FyZSBFbmdpbmVlcmluZzEqMCgGA1UEAxMhbG9hZC1iYWxhbmNlci52cmFjay52c3BoZXJlLmxvY2FsMR4wHAYJKoZIhvcNAQkBFg92bWNhQHZtd2FyZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6FhbfALKIyfngf3K23IMfh0bDxEuL68CtuaL7MXUKiRIlWLZCsXijfxmwAxk1rVFdCDbLw25jss6JLSSt6t29cwoGhE5Ng6+47PnhmJ81n4MR3XFhXs/emr8Np4pk8pQmXafgILnCAbti8n3DqZuR3kkel7foyjgc6ZJ2B6gmlV3BiefqJwNXvtJ2teSsiRBnf0LaXVJcn2VZpEILgfh3tfgtGNqbGvS9vfIzl3rqZBvOWM+c5xhglM5myVd+YqKtRz0p0vjbq9eP0X2KmvxoN0g8rTildthM4mSuh7faeD7rK8hwQ03LTnKAQ8vSQ6dxFiInD6HbCoOILAlJCjWMdnZV4jocfHTwkWCiRX9seiulUYcl0Nuc4LgyJ4PWP3DFehuSCed3OTrCKLFcij9C/tZqffbl1vuw26vZZSm+ddoH6DiyoHWfRY7/a68n2/ouq4BRCYh9e6yktxVBMKDhD8fd0fSEfdP4sbD5VY+m3ETg5g/F3zKTUY19unlKPnLKy5oui+agY1fIzZL4cAoebcrfNdSRRefbf4Yy6Yyj0tA1FXCp2jnf+nac7122pFhJ7qCxdDPSQZf2/gwHZt5WXz4VA3A9VoBe9svD+njOFAzX4VNIi1phwAS63e2z5PF2rf0DJ8n77Fp1CyKPaug1R/sEt6dfUfpG7wBkAycc+wIDAQABo28wbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAyBgNVHREEKzApgiFsb2FkLWJhbGFuY2VyLnZyYWNrLnZzcGhlcmUubG9jYWyHBAoAAA8wHwYDVR0jBBgwFoAUauWGErq+/JHwQ3qju9Ch8V2097MwDQYJKoZIhvcNAQELBQADggEBAMCvNCQ3KsvncoYK9fI0cfcBYEpFuToB+duK7yztklf8P6PLRSWdU39KaG+xv5768K+xe90riOYs0Mhcs0IuUQW2F6kCnlW3ff2R3pvTeM3kGqXclk4KGKRNnhhsF3Ze8QW3drH0dzD3vNcumdLr+GvG6vF2O/Pl3+Nn9dwE72ZVl7Ai970jJM5CVjI+wST19ZQPpq1E3aad3Bk+AQcQCIGputBGkHFZUGX4T6jPH0uDOcSRjH7v6TXhF2Cury7zme0zpWYwC4RMH/AxqK4z6DlmAwu2zycN097TMM/ZUXePmvgY7JSB5BIiY4ZxlnNbJy4756XDSBt41AaHxqWNcfs=-----END CERTIFICATE-----"
  } ]
}

Tip : Refer to: View certificate of all the resources in a domain API

Warning : Certificate installation will replace the already installed certificates.

Note : The CSRs cannot be fetched or downloaded after successful certificate installation.

Note : Only the latest generated CSRs will exist in the VCF environment after a series of generate CSR operation.

Note : Only the latest uploaded certificates will exist in the VCF environment after a series of upload certificate operation.

Last updated 2022-01-24 06:18:36 PST

Operations
PATCH
Configure Certificate Authority
Configure existing certificate authority
PUT
Create Certificate Authority
Create a certificate authority
DELETE
Delete Ca Configuration
Deletes CA configuration file
GET
Download CSR
Download available CSR(s) in tar.gz format
PUT
Generate Certificates
Generate certificate(s) for the selected resource(s) in a domain
PUT
Generates CS Rs
Generate CSR(s)
GET
Get Certificate Authorities
Get certificate authorities information
GET
Get Certificate Authority By Id
Get certificate authority information
GET
Get Certificates
Get latest generated certificate(s) in a domain.
GET
Get CS Rs
Get available CSR(s) in json format
PATCH
Replace Certificates
Replace certificate(s) for the selected resource(s) in a domain
PUT
Upload Certificates
Upload certificates to the certificate store
GET
View Certificate
View certificate of all the resources in a domain