System Administration > Settings > Certificates

Associated URIs:

API Description API Path

Return the Properties of a Trust Manager


Returns information about the supported algorithms and key sizes.
GET /api/v1/trust-management

Get the certificate profile for the given service type


Get an available certificate profile
GET /api/v1/trust-management/certificate-profile/<service-type>

Return the list of certificate profiles. |


GET /api/v1/trust-management/certificate-profiles

Return All the User-Facing Components' Certificates


Returns all certificate information viewable by the user, including each
certificate's UUID; resource_type (for example, certificate_self_signed,
certificate_ca, or certificate_signed); pem_encoded data; and history of the
certificate (who created or modified it and when). For additional
information, include the ?details=true modifier at the end of the request
URI.
GET /api/v1/trust-management/certificates

Add a New Certificate


Adds a new private-public certificate or a chain of certificates (CAs) and,
optionally, a private key that can be applied to one of the user-facing
components (appliance management or edge). The certificate and the key
should be stored in PEM format. If no private key is provided, the
certificate is used as a client certificate in the trust store.
POST /api/v1/trust-management/certificates?action=import

Set a certificate as the Appliance Proxy certificate to be used in inter-site communication


Set a certificate that has been imported to be the Appliance Proxy certificate
used for communicating with Appliance Proxies on other sites.
POST /api/v1/trust-management/certificates?action=set_appliance_proxy_certificate_for_inter_site_communication

Delete Certificate for the Given Certificate ID


Removes the specified certificate. The private key associated with the
certificate is also deleted.
DELETE /api/v1/trust-management/certificates/<cert-id>

Show Certificate Data for the Given Certificate ID


Returns information for the specified certificate ID, including the
certificate's UUID; resource_type (for example, certificate_self_signed,
certificate_ca, or certificate_signed); pem_encoded data; and history of the
certificate (who created or modified it and when). For additional
information, include the ?details=true modifier at the end of the request
URI.
GET /api/v1/trust-management/certificates/<cert-id>

Return the list of CrlDistributionPoints


GET /api/v1/trust-management/crl-distribution-points

Create a Crl Distribution Point


Create an entity that will represent a Crl Distribution Point
POST /api/v1/trust-management/crl-distribution-points

Delete a CrlDistributionPoint


Delete a CrlDistributionPoint. It does not delete the actual CRL.
DELETE /api/v1/trust-management/crl-distribution-points/<crl-distribution-point-id>

Return the CrlDistributionPoint with


GET /api/v1/trust-management/crl-distribution-points/<crl-distribution-point-id>

Update CrlDistributionPoint with This allows updating the ManagedResource fields.


PUT /api/v1/trust-management/crl-distribution-points/<crl-distribution-point-id>

Return the status of the CrlDistributionPoint


GET /api/v1/trust-management/crl-distribution-points/<crl-distribution-point-id>/status

Return stored CRL in PEM format


POST /api/v1/trust-management/crl-distribution-points/pem-file

Return All Added CRLs


Returns information about all CRLs. For additional information, include the
?details=true modifier at the end of the request URI.
GET /api/v1/trust-management/crls

Add a New Certificate Revocation List


Adds a new certificate revocation list (CRL). The CRL is used to verify the
client certificate status against the revocation lists published by the CA.
For this reason, the administrator needs to add the CRL in certificate
repository as well.
POST /api/v1/trust-management/crls?action=import

Delete a CRL


Deletes an existing CRL.
DELETE /api/v1/trust-management/crls/<crl-id>

Show CRL Data for the Given CRL ID


Returns information about the specified CRL. For additional information,
include the ?details=true modifier at the end of the request URI.
GET /api/v1/trust-management/crls/<crl-id>

Update CRL for the Given CRL ID


Updates an existing CRL.
PUT /api/v1/trust-management/crls/<crl-id>

Return All the Generated CSRs


Returns information about all of the CSRs that have been created.
GET /api/v1/trust-management/csrs

Generate a New Certificate Signing Request


Creates a new certificate signing request (CSR). A CSR is encrypted text that
contains information about your organization (organization name, country,
and so on) and your Web server's public key, which is a public certificate
the is generated on the server that can be used to forward this request to a
certificate authority (CA). A private key is also usually created at the
same time as the CSR.
POST /api/v1/trust-management/csrs

Generate a New Certificate Signing Request with Extensions


Creates a new certificate signing request (CSR) with selected extensions.
A CSR is encrypted text that contains information about your organization
(organization name, country, and so on), additional attributes as
extensions, and your Web server's public key, which is a public certificate
the is generated on the server that can be used to forward this request
to a certificate authority (CA). A private key is also usually created at
the same time as the CSR.
POST /api/v1/trust-management/csrs-extended (Experimental)

Delete a CSR


Removes a specified CSR. If a CSR is not used for verification, you can
delete it. Note that the CSR import and upload POST actions automatically
delete the associated CSR.
DELETE /api/v1/trust-management/csrs/<csr-id>

Show CSR Data for the Given CSR ID


Returns information about the specified CSR.
GET /api/v1/trust-management/csrs/<csr-id>

Upload the Certificate PEM File Signed by the CA Associated with a CSR


Uploads the certificate authority (CA)-signed certificate. After you send
the certificate request to the CA of your choice, and the CA sends back the
signed certificate, you can use the upload POST action to upload the signed
certificate. The upload action is similar to the import action, but the
upload action allows you to directly upload the PEM-encoded file (signed
certificate) provided by the CA. Like the import POST action, the upload
POST action automatically deletes the associated CSR.
POST /api/v1/trust-management/csrs/<csr-id>?action=upload

Import a Certificate Associated with an Approved CSR


Imports a certificate authority (CA)-signed certificate for a CSR. This
action links the certificate to the private key created by the CSR. The
pem_encoded string in the request body is the signed certificate provided by
your CA in response to the CSR that you provide to them. The import POST
action automatically deletes the associated CSR.
POST /api/v1/trust-management/csrs/<csr-id>?action=import

Self-Sign the CSR


Self-signs the previously generated CSR. This action is similar to the
import certificate action, but instead of using a public certificate signed
by a CA, the self_sign POST action uses a certificate that is signed with
NSX's own private key. For validity, if a value greater than 825 days is provided,
it will be set to 825 days.
POST /api/v1/trust-management/csrs/<csr-id>?action=self_sign

Get CSR PEM File for the Given CSR ID


Downloads the CSR PEM file for a specified CSR. Clients must include an Accept: text/plain request header.
GET /api/v1/trust-management/csrs/<csr-id>/pem-file