vcenter certificate management vcenter vmca root: create
Replace Root Certificate with VMCA signed one using the given Spec.
After this operation completes, the services using the certificate will be restarted for the new certificate to take effect.
. This operation was added in vSphere API 6.9.1.Request:
HTTP request
POST https://{server}/rest/vcenter/certificate-management/vcenter/vmca-root
Request Body Structure:
{
"spec" : {
"state_or_province" : "string",
"country" : "string",
"email_address" : "string",
"organization" : "string",
"locality" : "string",
"subject_alt_name" : [
"string",
"string"
],
"common_name" : "string",
"key_size" : 1,
"organization_unit" : "string"
}
}
"spec" : {
"state_or_province" : "string",
"country" : "string",
"email_address" : "string",
"organization" : "string",
"locality" : "string",
"subject_alt_name" : [
"string",
"string"
],
"common_name" : "string",
"key_size" : 1,
"organization_unit" : "string"
}
}
Request Body Parameters:
| Name | Type | Description |
|---|---|---|
| bold = required | ||
| spec | create_spec | Optional. The information needed to generate VMCA signed Root Certificate. |
| spec.key_size | long | The size of the key to be used for public and private key generation. This attribute was added in vSphere API 6.9.1. Optional. If unset the key size will be 2048. |
| spec.common_name | string | The common name of the host for which certificate is generated. This attribute was added in vSphere API 6.9.1. Optional. If unset the common name will be the primary network identifier (PNID) of the vCenter Virtual Server Appliance (VCSA). |
| spec.organization | string | Organization field in certificate subject. This attribute was added in vSphere API 6.9.1. Optional. If unset the organization will be 'VMware'. |
| spec.organization_unit | string | Organization unit field in certificate subject. This attribute was added in vSphere API 6.9.1. Optional. If unset the organization unit will be 'VMware Engineering'. |
| spec.locality | string | Locality field in certificate subject. This attribute was added in vSphere API 6.9.1. Optional. If unset the locality will be 'Palo Alto'. |
| spec.state_or_province | string | State field in certificate subject. This attribute was added in vSphere API 6.9.1. Optional. If unset the state will be 'California'. |
| spec.country | string | Country field in certificate subject. This attribute was added in vSphere API 6.9.1. Optional. If unset the country will be 'US'. |
| spec.email_address | string | Email field in Certificate extensions. This attribute was added in vSphere API 6.9.1. Optional. If unset the emailAddress will be '[email protected]'. |
| spec.subject_alt_name | string[] | SubjectAltName is list of Dns Names and Ip addresses. This attribute was added in vSphere API 6.9.1. Optional. If unset PNID of host will be used as IPAddress or Hostname for certificate generation. |
Response:
HTTP Status Code: 200
NoneErrors:
| HTTP Status Code | Type | Description |
|---|---|---|
| 500 | error | If the system failed to renew the TLS certificate. |