Certificate Management
NSX supports self‐signed certificates, certificates signed by a Certification Authority (CA), and certificates generated and signed by a CA.
- API-URL is a URL of the form https://vcloud.example.com/network.
- id is a VMware Cloud Director unique identifier in the form of a UUID, as defined by RFC 4122.
- # is a small integer used in an NSX object identifier.
To preserve tenant isolation, globally scoped NSX objects such as certificates, CSRs, and certificate revocation lists are referenced with a tuple comprising the edge UUID and the NSX ID for the object. For example, where the NSX API references a certificate with identifier certificate-1 with a URL of the form
.../services/truststore/certificate/certificate-1
the vCloud Director API for NSX prepends the edge UUID (id) and a colon to the NSX object identifier, as shown in this example:
.../services/truststore/certificate/id:certificate-1
Operation | Request | Request Body | Response |
---|---|---|---|
Create a certificate for the edge with identifier id. | POST API-URL/services/truststore/certificate/id | trustObject | 201 Created |
Import a certificate or certificate chain against the certificate signing request with identifier csr-#. | POST API-URL/services/truststore/certificate/csr-# | trustObject | 204 No Content |
Retrieve all certificates for the edge with identifier id. | GET API-URL/services/truststore/certificate/scope/id | None | certificates |
Retrieve the certificate with identifier certificate-# from the edge with identifier id. | GET API-URL/services/truststore/certificate/id:certificate-# | None | certificate |
Delete the certificate with identifier certificate-# from the edge with identifier id. | DELETE API-URL/services/truststore/certificate/id:certificate-# | None | 204 No Content |
Create a certificate signing request for the edge with identifier id. | POST API-URL/services/truststore/csr/id | csr | 201 Created |
Retrieve all certificate signing requests for the edge with identifier id. | GET API-URL/services/truststore/csr/scope/id | None | csrs |
Retrieve the certificate signing request with identifier csr-# from the edge with identifier id. | GET API-URL/services/truststore/certificate/id:csr-# | None | csr |
Delete the certificate signing request with identifier csr-# from the edge with identifier id. | DELETE API-URL/services/truststore/certificate/id:csr-# | None | 204 No Content |
Create a certificate revocation list for the edge with identifier id. | POST API-URL/services/truststore/crl/id | trustObject | 204 No Content |
Retrieve all certificate revocation lists for the edge with identifier id. | GET API-URL/services/truststore/crl/scope/id | None | crls |
Retrieve the certificate revocation list with identifier crl-# from the edge with identifier id. | GET API-URL/services/truststore/certificate/id:crl-# | None | crl |
Delete the certificate revocation list with identifier crl-# from the edge with identifier id. | DELETE API-URL/services/truststore/certificate/id:crl-# | None | 204 No Content |
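
The edge-scoped identifier described above, as an added Python example that is not part of the VMware documentation: it builds and parses the id:certificate-# tuple, rejects anything that is not a canonical UUID followed by an NSX object identifier, and checks that an identifier belongs to the expected edge. The function names and the sample edge UUID are constructed for illustration.

```python
import re
import uuid

# NSX object identifiers as the table writes them: certificate-#, csr-#, crl-#
_NSX_ID = re.compile(r"(certificate|csr|crl)-([0-9]+)")

API_URL = "https://vcloud.example.com/network"   # API-URL form given on the page
EDGE = "9a1f0c2e-5b7d-4e3a-8c6f-1d2e3f4a5b6c"    # constructed sample edge UUID


def _edge_uuid(edge_id):
    """Return the lowercase canonical form of a UUID string, else raise ValueError."""
    canonical = str(uuid.UUID(edge_id))
    if canonical != edge_id.lower():
        raise ValueError(f"edge id is not a canonical UUID: {edge_id!r}")
    return canonical


def scoped_id(edge_id, nsx_id):
    """Build the id:certificate-# tuple that names an object on one edge."""
    if not _NSX_ID.fullmatch(nsx_id):
        raise ValueError(f"not an NSX object identifier: {nsx_id!r}")
    return f"{_edge_uuid(edge_id)}:{nsx_id}"


def parse_scoped_id(value):
    """Split id:certificate-# into (edge UUID, object type, number)."""
    edge_id, sep, nsx_id = value.partition(":")
    match = _NSX_ID.fullmatch(nsx_id)
    if not sep or not match:
        raise ValueError(f"not an edge-scoped identifier: {value!r}")
    return _edge_uuid(edge_id), match.group(1), int(match.group(2))


def certificate_url(api_url, edge_id, nsx_id):
    """URL for the GET and DELETE certificate rows of the table."""
    if not nsx_id.startswith("certificate-"):
        raise ValueError(f"not a certificate identifier: {nsx_id!r}")
    path = "/services/truststore/certificate/" + scoped_id(edge_id, nsx_id)
    return api_url.rstrip("/") + path


def owned_by(value, edge_id):
    """True only when the scoped identifier names an object on edge_id."""
    return parse_scoped_id(value)[0] == _edge_uuid(edge_id)


if __name__ == "__main__":
    print(certificate_url(API_URL, EDGE, "certificate-1"))
```

Running owned_by on any identifier received from a caller, before it is placed in a request path, keeps a bare NSX identifier or another edge's UUID from being forwarded.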