vcenter certificate management vcenter tls: set
Replaces the rhttpproxy TLS certificate with the specified certificate. This operation can be used in three scenarios:
- When the CSR is created and the private key is already stored, this operation can replace the certificate. The vcenter.certificate_management.vcenter.tls.spec.cert (but not vcenter.certificate_management.vcenter.tls.spec.key and vcenter.certificate_management.vcenter.tls.spec.root_cert) must be provided as input.
- When the certificate is signed by a third party certificate authority/VMCA and the root certificate of the third party certificate authority/VMCA is already one of the trusted roots in the trust store, this operation can replace the certificate and private key. The vcenter.certificate_management.vcenter.tls.spec.cert and vcenter.certificate_management.vcenter.tls.spec.key (but not vcenter.certificate_management.vcenter.tls.spec.root_cert) must be provided as input.
- When the certificate is signed by a third party certificate authority and the root certificate of the third party certificate authority is not one of the trusted roots in the trust store, this operation can replace the certificate, private key and root CA certificate. The vcenter.certificate_management.vcenter.tls.spec.cert, vcenter.certificate_management.vcenter.tls.spec.key and vcenter.certificate_management.vcenter.tls.spec.root_cert must be provided as input.
The above three scenarios are only supported from vSphere 7.0 onwards. This operation was added in vSphere API 6.7.2.
Request:
HTTP request
PUT https://{server}/rest/vcenter/certificate-management/vcenter/tls
Request Body Structure:
{
"spec" : {
"cert" : "string",
"root_cert" : "string",
"key" : "secret string"
}
}
Request Body Parameters:
Name | Type | Description |
---|---|---|
bold = required | ||
spec | spec | The information needed to replace the TLS certificate. |
spec.cert | string | Certificate string in PEM format. This attribute was added in vSphere API 6.7.2. |
spec.key | secret | Private key string in PEM format. This attribute was added in vSphere API 6.7.2. Optional. If unset the private key from the certificate store will be used. It is required when replacing the certificate with a third party signed certificate. |
spec.root_cert | string | Third party Root CA certificate in PEM format. This attribute was added in vSphere API 6.9.1. Optional. If unset the new third party root CA certificate will not be added to the trust store. It is required when replacing the certificate with a third party signed certificate if the root certificate of the third party is not already a trusted root. |
Response:
HTTP Status Code: 200
None
Errors:
HTTP Status Code | Type | Description |
---|---|---|
404 | not_found | If the private key is not present in the VECS store. |
400 | already_exists | If the specified certificate thumbprint is the same as the existing TLS certificate thumbprint. |
500 | error | If the system failed to replace the TLS certificate. |
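
An added example, not part of the vSphere reference: a client-side pre-flight check that maps the supplied PEM inputs to one of the three scenarios above, builds the request body, and catches the unchanged-certificate case before the server answers 400 already_exists. The function names and the constructed PEM samples are assumptions, and rejecting root_cert without key is this example's choice because none of the three scenarios covers it.

```python
import base64
import json
import re

# One PEM block: captures the label and the base64 payload.
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.+?)\s+-----END \1-----", re.S)

def pem_der(text, want):
    """DER bytes of the first PEM block; every block's label must end with `want`."""
    blocks = PEM_RE.findall(text or "")
    if not blocks or any(not label.endswith(want) for label, _ in blocks):
        raise ValueError(f"expected PEM {want}")
    return base64.b64decode("".join(blocks[0][1].split()), validate=True)

def build_tls_spec(cert, key=None, root_cert=None, current_cert=None):
    """Return (scenario, request_body) for PUT .../vcenter/tls, or raise ValueError."""
    leaf = pem_der(cert, "CERTIFICATE")
    # Identical DER means identical thumbprint, which the API rejects with 400.
    if current_cert and pem_der(current_cert, "CERTIFICATE") == leaf:
        raise ValueError("certificate unchanged: server would return 400 already_exists")
    if key is None and root_cert is not None:
        raise ValueError("root_cert without key matches none of the three scenarios")
    spec, scenario = {"cert": cert}, 1      # 1: key already stored (else 404 not_found)
    if key is not None:
        pem_der(key, "PRIVATE KEY")
        spec["key"], scenario = key, 2      # 2: signing root already trusted
    if root_cert is not None:
        pem_der(root_cert, "CERTIFICATE")
        spec["root_cert"], scenario = root_cert, 3  # 3: root must be added too
    return scenario, {"spec": spec}

def redact(body):
    """JSON copy of the body for logs; spec.key is a secret and is masked."""
    spec = dict(body["spec"])
    if "key" in spec:
        spec["key"] = "<redacted>"
    return json.dumps({"spec": spec}, sort_keys=True)

def make_pem(label, payload):
    """Constructed sample PEM (payload is not a real certificate or key)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

LEAF = make_pem("CERTIFICATE", b"constructed leaf")
ROOT = make_pem("CERTIFICATE", b"constructed root")
KEY = make_pem("PRIVATE KEY", b"constructed key")

if __name__ == "__main__":
    scenario, body = build_tls_spec(LEAF, KEY, ROOT)
    print(scenario, redact(body))
```

Pass the certificate currently served by the endpoint as `current_cert` to get the duplicate check; log only the output of `redact`, never the body itself.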