The Advanced Networking Services API provides functionality to manage certificates. You can manage certificates for the following features:

- IPsec VPN tunnels from your on-premises data center to vCloud Air
- SSL VPN-Plus connections to private networks and Web resources deployed in vCloud Air
- The virtual servers and pool servers configured for load balancing in vCloud Air

Before you can order a signed certificate from a CA or create a self-signed certificate, you must generate a Certificate Signing Request (CSR) for your edge gateway.

Note: You generate a CSR together with a matching private-key file, and that private key must remain on the edge gateway. The CSR contains the matching public key and other information such as your organization's name, location, and domain name.

For an example of the schema for certificate signing requests (CSRs), see Example: Manage Certificate Signing Requests.

CERTIFICATE SIGNING REQUEST (csrs)

| Element | Type | Required | Description |
|---|---|---|---|
| objectId | String | Yes | The ID for the CSR. Note: the system auto-generates an ID for the CSR. |
| objectTypeName | String | Yes | The name of the object. By default, Advanced Networking Services names the object Csr; do not change it. |
| vsmUuid | String | Yes | The universally unique identifier (UUID) for the VMware Service Manager (VSM). Note: the system auto-generates this value for the CSR; do not change it. |
| revision | Number | Yes | The current version of the CSR configuration. Note: the system auto-generates a version number for the configuration; do not change it. |
| name | String | Yes | The fully qualified domain name (FQDN) of the organization that you will use the certificate for (for example, www.exampledomain.com). By default, Advanced Networking Services sets the common name to vmware.com. |
| description | String | No | A description of the certificate |

TYPE (type)

| Element | Type | Required | Description |
|---|---|---|---|
| name | String | Yes | The name for this certificate signing request. By default, Advanced Networking Services names the request Csr. |

SCOPE (scope)

| Element | Type | Required | Description |
|---|---|---|---|
| id | String | Yes | The ID of the edge gateway on which you will use the certificate |
| objectTypeName | String | Yes | The object name of the edge gateway. By default, Advanced Networking Services names the object Edge; do not change it. |
| name | String | Yes | The name of the edge gateway |

SUBJECT (subject – Array)

| Element | Type | Required | Description |
|---|---|---|---|
| key | String | Yes | The required keys for the request. Provide the following keys and values: Common Name (CN), Organization (O), Organization Unit (OU), Locality (L), State (ST), and Country (C). For Country (C), set the country code where your company is legally registered. By default, Advanced Networking Services provides the values for VMware. |
| value | String | Yes | The required values to match the keys |

ADDITIONAL ELEMENTS

| Element | Type | Required | Description |
|---|---|---|---|
| algorithm | String | No | The key type (typically RSA) for the certificate. The key type defines the encryption algorithm for communication between the hosts; the key is required for enabling public key/private key encryption. Note: SSL VPN-Plus supports RSA certificates only. |
| keySize | String | No | Sets the key size; 2048 bits minimum |
| cn | String | Yes | The fully qualified domain name (FQDN) of the organization that you will use the certificate for (for example, www.exampledomain.com). Do not include the http:// or https:// prefixes in your common name. |
| pemEncoding | String | Yes | The certificate request in PEM encoded format |
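As an added example, not code from the vCloud Air documentation or the Advanced Networking Services API, the following standard-library Go program assembles a request body for the csrs object from the six required subject keys: it enforces the bare-FQDN common name and the 2048-bit minimum described above, keeps the generated private key out of the body (it belongs on the edge gateway), and places the PEM-encoded CSR in pemEncoding. The KV and CsrRequest type names and the sample subject values are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"strings"
)

// KV is one subject entry; CsrRequest holds the caller-set csrs fields (objectId, vsmUuid and revision are service-generated).
type KV struct {
	Key   string `json:"key"`
	Value string `json:"value"`
}
type CsrRequest struct {
	Subject     []KV   `json:"subject"`
	Algorithm   string `json:"algorithm"`
	KeySize     string `json:"keySize"`
	Cn          string `json:"cn"`
	PemEncoding string `json:"pemEncoding"`
}

// BuildCsrRequest generates an RSA key pair and a PEM CSR for the six required subject keys.
// The private key is returned separately: it stays on the edge gateway, never in the body.
func BuildCsrRequest(cn, o, ou, l, st, c string, bits int) (CsrRequest, *rsa.PrivateKey, error) {
	// Schema rules: cn is a bare FQDN (no http:// or https:// prefix); keySize is 2048 bits minimum.
	if cn == "" || strings.Contains(cn, "://") || bits < 2048 {
		return CsrRequest{}, nil, fmt.Errorf("cn %q must be a bare FQDN and keySize >= 2048", cn)
	}
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return CsrRequest{}, nil, err }
	dn := pkix.Name{CommonName: cn, Organization: []string{o}, OrganizationalUnit: []string{ou},
		Locality: []string{l}, Province: []string{st}, Country: []string{c}}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: dn}, key)
	if err != nil { return CsrRequest{}, nil, err }
	pemCsr := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
	subject := []KV{{"CN", cn}, {"O", o}, {"OU", ou}, {"L", l}, {"ST", st}, {"C", c}}
	return CsrRequest{subject, "RSA", fmt.Sprint(bits), cn, string(pemCsr)}, key, nil
}

func main() {
	req, _, err := BuildCsrRequest("www.exampledomain.com", "Example Corp", "IT", "Palo Alto", "California", "US", 2048)
	if err != nil { panic(err) }
	body, _ := json.MarshalIndent(req, "", "  ") // the JSON body to submit for the csrs object
	fmt.Println(string(body))
}
```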

You can create, install, and manage self-signed server certificates by using the Advanced Networking Services API.

By adding a Certificate Authority (CA) certificate, you can become an interim CA for your company. You then have the authority to sign your own certificates. For an example of the schema for certificates, see List Certificates for vCloud Air.

CERTIFICATE – GLOBAL SETTINGS

| Element | Type | Required | Description |
|---|---|---|---|
| objectId | String | Yes | The ID for the certificate. Note: the system auto-generates an ID for the certificate. |
| objectTypeName | String | Yes | The name of the object. By default, Advanced Networking Services names the object Certificate; do not change it. |
| vsmUuid | String | Yes | The universally unique identifier (UUID) for the VMware Service Manager (VSM). Note: the system auto-generates this value for the certificate; do not change it. |
| revision | Number | Yes | The current version of the certificate. Note: the system auto-generates a version number for the certificate; do not change it. |
| name | String | Yes | The fully qualified domain name (FQDN) of the organization that you will use the certificate for (for example, www.exampledomain.com). By default, Advanced Networking Services sets the common name to vmware.com. |
| description | String | No | A description of the certificate |

TYPE (type)

| Element | Type | Required | Description |
|---|---|---|---|
| name | String | Yes | The name for this certificate. By default, Advanced Networking Services names it Certificate. |

SCOPE (scope)

| Element | Type | Required | Description |
|---|---|---|---|
| id | String | Yes | The ID of the edge gateway on which you will use the certificate |
| objectTypeName | String | Yes | The object name of the edge gateway. By default, Advanced Networking Services names the object Edge; do not change it. |
| name | String | Yes | The name of the edge gateway |

ADDITIONAL ELEMENTS

| Element | Type | Required | Description |
|---|---|---|---|
| subjectCn | String | Yes | The fully qualified domain name (FQDN) of the organization that you will use the certificate for (for example, www.exampledomain.com). Do not include the http:// or https:// prefixes in your common name. |
| issuerCn | String | Yes | Common name of the certificate issuer |
| pemEncoding | String | Yes | The certificate in PEM encoded format |
| certificateType | String | Yes | The type of certificate, for example "certificate_signed" |

CERTIFICATE – x.509 CERTIFICATE SETTINGS (x509Certificates – Array)

| Element | Type | Required | Description |
|---|---|---|---|
| subjectCn | String | Yes | The fully qualified domain name (FQDN) of the organization that you will use the certificate for (for example, www.exampledomain.com). Do not include the http:// or https:// prefixes in your common name. |
| issuerCn | String | Yes | Common name of the certificate issuer |
| version | String | Yes | The X.509 version of the encoded certificate |
| serialNumber | String | Yes | The unique integer assigned by the CA to the certificate. The issuer name and serial number together uniquely identify a certificate. |
| signatureAlgo | String | Yes | The signature algorithm, based on the key type (typically RSA), for the certificate. The key type defines the encryption algorithm for communication between the hosts. Note: SSL VPN-Plus supports RSA certificates only. |
| signature | String | Yes | The signature over the certificate, produced with a public key signature algorithm |
| notBefore | String | Yes | The date from which the certificate is valid |
| notAfter | String | Yes | The date until which the certificate is valid |
| issuer | String | Yes | The distinguished name of the entity that signed and issued the certificate |
| subject | String | Yes | The distinguished name of the entity the certificate was issued to |
| publicKeyAlgo | String | Yes | The algorithm ID for the public key |
| publicKeyLength | String | Yes | The size in bits of the public key |
| rsaPublicKeyModulus | String | Yes | A component of the public key: the modulus, the product of two large primes |
| rsaPublicKeyExponent | String | Yes | The encryption exponent; together with the modulus, it defines the public key |
| dsaPublicKeyG | String | No | The DSA group generator g for the public key |
| dsaPublicKeyP | String | No | The DSA prime p for the public key |
| dsaPublicKeyQ | String | No | The DSA group order q for the public key |
| dsaPublicKeyY | String | No | The DSA public key value y for the public key |
| sha1Hash | String | Yes | The SHA-1 cryptographic hash value for the public key |
| md5Hash | String | Yes | The MD5 cryptographic hash value for the public key |
| isCa | Boolean | Yes | Whether the certificate was issued by a Certificate Authority (true) or is self-signed (false) |
| isValid | Boolean | Yes | Whether the certificate is still valid |
| ca | Boolean | Yes | Whether the certificate was issued by a Certificate Authority (true) or is self-signed (false) |
| valid | Boolean | Yes | Whether the certificate is still valid |
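As an added example, not part of the original documentation or of the Advanced Networking Services API, this standard-library Go code shows how the x509Certificates values above are derived from an installed certificate: it parses a PEM certificate and fills a struct with subjectCn, issuerCn, serialNumber, signatureAlgo, notBefore and notAfter, the RSA publicKeyLength and rsaPublicKeyExponent, isCa, and an isValid judged against a supplied time. It assumes sha1Hash and md5Hash are fingerprints over the DER-encoded certificate; X509Info, DescribePEM and SelfSignedPEM are this example's own names, and SelfSignedPEM only produces a constructed test certificate to run against.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// X509Info mirrors the x509Certificates fields read off a parsed certificate (sha1Hash/md5Hash assumed to be DER fingerprints).
type X509Info struct {
	SubjectCn, IssuerCn, SerialNumber, SignatureAlgo, NotBefore, NotAfter, Sha1Hash, Md5Hash string
	PublicKeyLength, RsaPublicKeyExponent                                                    int
	IsCa, IsValid                                                                            bool
}
// DescribePEM parses one PEM certificate and fills X509Info; isValid is judged against now.
func DescribePEM(pemCert []byte, now time.Time) (X509Info, error) {
	block, _ := pem.Decode(pemCert)
	if block == nil || block.Type != "CERTIFICATE" { return X509Info{}, fmt.Errorf("no PEM CERTIFICATE block") }
	c, err := x509.ParseCertificate(block.Bytes)
	if err != nil { return X509Info{}, err }
	s1, m5 := sha1.Sum(c.Raw), md5.Sum(c.Raw)
	info := X509Info{SubjectCn: c.Subject.CommonName, IssuerCn: c.Issuer.CommonName,
		SerialNumber: c.SerialNumber.String(), SignatureAlgo: c.SignatureAlgorithm.String(),
		NotBefore: c.NotBefore.UTC().Format(time.RFC3339), NotAfter: c.NotAfter.UTC().Format(time.RFC3339),
		Sha1Hash: hex.EncodeToString(s1[:]), Md5Hash: hex.EncodeToString(m5[:]), IsCa: c.IsCA,
		IsValid: !now.Before(c.NotBefore) && !now.After(c.NotAfter)}
	if pub, ok := c.PublicKey.(*rsa.PublicKey); ok { // rsaPublicKey* fields exist for RSA keys only
		info.PublicKeyLength, info.RsaPublicKeyExponent = pub.N.BitLen(), pub.E
	}
	return info, nil
}

// SelfSignedPEM issues a constructed self-signed test certificate (not a vCloud Air artifact).
func SelfSignedPEM(cn string, notBefore time.Time, days int, isCA bool) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notBefore.AddDate(0, 0, days), IsCA: isCA, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}
```

Calling DescribePEM on the pemEncoding value returned by the API and comparing the result with the x509Certificates fields the service reports is a quick way to confirm that the certificate installed on the edge gateway is the one you expect.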