cURL Examples of Certificate Management Operations
The following cURL command examples show the syntax for operations that you can use to manage TLS and trusted root certificates.
Prerequisites
- Verify that the certificate management service is running on your vCenter Server instance.
- Verify that you have the session ID that is required to invoke the API operations. You can obtain the session ID by running the following command.
curl -u '[email protected]:<password>' -X POST -k https://<server>:443/api/com/vmware/cis/session
Renew the TLS Certificate
curl --insecure -H 'Content-Type:application/json' --request POST --data-ascii '{"duration":"730"}' --url https://<server>/api/vcenter/certificate-management/vcenter/tls/?action=renew --header 'vmware-api-session-id:8ab92796a606801c233a2189a1e8f823'
Generate a CSR
This example generates a CSR and private key on the vCenter Server instance. The private key remains on the machine.
You can perform this operation as part of a use case scenario in which you want to replace the VMCA-issued TLS certificate with a TLS certificate issued by a custom Certificate Authority (CA). You must use the CSR and obtain a certificate from the external CA to replace the existing certificate. For details on the replacement operation, see Replace the TLS Certificate with a Generated Certificate.
curl --insecure -H 'Content-Type:application/json' --request POST --data-ascii '{"spec": {"key_size": "2048","common_name":"sc-rdops-vm05-dhcp-154-50.eng.vmware.com","country":"US","locality":"PA","state_or_province":"CA","organization":"VMware","organization_unit":"SSO","email_address":"[email protected]","subject_alt_name":["local.vmware.com,abc.eng.com,192.168.1.1"]} }' --url https://<server>/api/vcenter/certificate-management/vcenter/tls-csr --header 'vmware-api-session-id:4916bc4a8d37d3742277d0e26ac28faa'
Replace the TLS Certificate with a Generated Certificate
This example replaces the existing TLS certificate with another certificate obtained from a CSR that you generated. You must provide the obtained certificate in PEM format in the input spec.
You can perform this operation as part of a use case scenario in which you want to replace the VMCA-issued TLS certificate with a TLS certificate issued by a custom Certificate Authority (CA). You must use the CSR and obtain a certificate from the external CA to replace the existing certificate. For details on the CSR generation operation, see Generate a CSR.
curl -i --insecure -H 'Content-Type:application/json' --request PUT --data-ascii '{"spec":{"cert":"-----BEGIN CERTIFICATE-----\nMIIEJTCCAw2gAwIBAgIJAM5BdOvJGi+MMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD\nVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ\nFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExKTAnBgNV\nBAoMIHNjMS0xMC03OC0xMDYtMTY4LmVuZy52bXdhcmUuY29tMRswGQYDVQQLDBJW\nTXdhcmUgRW5naW5lZXJpbmcwHhcNMTkwOTEyMDkyNDIwWhcNMjAwNzA4MDkyNDIw\nWjBsMQswCQYDVQQGEwJJTjEMMAoGA1UECAwDQmdsMQwwCgYDVQQHDANOR0wxDDAK\nBgNVBAoMA3ZtdzEzMDEGA1UEAwwqc2MyLXJkb3BzLXZtMDctZGhjcC0yNDUtMjA0\nLmVuZy52bXdhcmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n3o1uY1FRL0fJX9k4GnPhp5hIFvbHcYTU+WgPDDtboskcJwUSybOxLu6s2gRHjDH4\nx0VQQ2U9DtlIds62jJErOqhstSmip8SQmhrVa1eN9ORwFeFEjHrFuAAdhKQirWj7\nu93kFv3vyoEp6vf0ZrTVvK9P4MZ3xO8ZWed6EiU6ju+eNJvEd1lJ+3l0InvORFp0\nH/V7LvfwA1G0rwbCzKQ+VWWZsO4cLMAoXqReXN9E2q2CtpGPXUCA7SLBXasrQxda\nELPXSDn+Dnnql319GLGkiJDa8k1K6RqZ6knu1dwGvBNw5P6LWhsLqRz44RSr27Zw\npvarlVuVnab/5b6DfgHgiQIDAQABo4GNMIGKMBUGA1UdEQQOMAyCBHNjMi2HBAoB\nAQEwHwYDVR0jBBgwFoAUphwxwKuWlxqZgFdHYJLbyRrprB8wUAYIKwYBBQUHAQEE\nRDBCMEAGCCsGAQUFBzAChjRodHRwczovL3NjMS0xMC03OC0xMDYtMTY4LmVuZy52\nbXdhcmUuY29tL2FmZC92ZWNzL2NhMA0GCSqGSIb3DQEBCwUAA4IBAQAyydRgWRBf\n8hVkC89yE912kRqh9sQyN2VtnjEQ0el+HB9FAYlhlYgW4mFK+f50NliyiKsGiPT6\nvL/5Txub3CyLmMuzBgr2r8DnSiOntN9OJdF+FuFmGN6KvK9RvNpJwhtFjjVnDc45\nGYUyAhNpXvLec+DyAJDdqBtTDy9VqypPBHGhPoMNDjnHI+Zj7svS+duunGD+A9y6\n9+HJKyK+TnhlCDcms/kmwvUWjBt56p6OmPXGpXz8aUNe/byL59gqbgPBQoV1ASnu\nvJm5sXiehzwdYglnCIdbCebL7tdJRh8Qsv1mQ7gfuOrjFtfVfSAbIjUPRH5o4LHa\nOvCeaa6p+dsw\n-----END CERTIFICATE-----"}}' --url https://<server>/api/vcenter/certificate-management/vcenter/tls/ --header 'vmware-api-session-id:4916bc4a8d37d3742277d0e26ac28faa'
Replace the TLS Certificate by Providing a Generated Certificate and the Root Certificate
This example replaces the existing TLS certificate with another certificate obtained from a CSR that you generated. The generated CSR is signed by a third-party CA. The private key is already present on the system, so the custom certificate and the root certificate are provided as input.
curl -i --insecure -H 'Content-Type:application/json' --request PUT --data-ascii '{"spec":{"cert":"-----BEGIN CERTIFICATE-----\nMIIEVzCCAz+gAwIBAgIJAO3rzi2tfQt2MA0GCSqGSIb3DQEBCwUAMIGwMQswCQYD\nVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ\nFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExMjAwBgNV\nBAoMKXNjLXJkb3BzLXZtMTItZGhjcC0xMTktMTIwLmVuZy52bXdhcmUuY29tMRsw\nGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwHhcNMjAwMjA2MTQzOTE4WhcNMjIw\nMjA2MDIzOTE4WjBBMTIwMAYDVQQDDClzYy1yZG9wcy12bTEyLWRoY3AtMTE5LTEy\nMC5lbmcudm13YXJlLmNvbTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQCX/IAUNuRK8E0VPISX/899ded41orLLb4qMcn8nM8UlulB\nIQ6c5dEGH90jz//sOvABskiQAOu5zoS0N42LMP5nfOflqksaMuxkjBoA+nn9pfQe\n3nticFDBXoufz9ADZPhIwnR4mWFngGURm2GZPxOZDgYvFlgmbDA8cMAVl/7Clvye\n4Moz9gD+vCwd/5ZOAx7qs7Xhd95h7Sh79MSquTQufwHgxOlhnWlSFwqzzeztjAhd\nLJQnV0vtd3wPiOL32rWXWuyVlKYN/xKliuy3W73xKxyXpW6GDomY9ZIBbq1LbHMe\nrxsRWJ4XCtLDvz/j2dG7pkAMqJtXwyHDar32scmRAgMBAAGjgeEwgd4wCwYDVR0P\nBAQDAgOoMDQGA1UdEQQtMCuCKXNjLXJkb3BzLXZtMTItZGhjcC0xMTktMTIwLmVu\nZy52bXdhcmUuY29tMB0GA1UdDgQWBBRVjbTf4YMZ3jO6KiDl6aVIXlMZXjAfBgNV\nHSMEGDAWgBRyC5hEctkyVLsj4gcSaTVllBxukjBZBggrBgEFBQcBAQRNMEswSQYI\nKwYBBQUHMAKGPWh0dHBzOi8vc2MtcmRvcHMtdm0xMi1kaGNwLTExOS0xMjAuZW5n\nLnZtd2FyZS5jb20vYWZkL3ZlY3MvY2EwDQYJKoZIhvcNAQELBQADggEBAEnny7ss\n7V6jOYHd/jwzTSM9wKqUyIJE2gZqPs7gXyajt4czRQLczh9bgb9CP5GsO+cQ48GE\nRfEPJXFwTapY+8LHiKQTkMVRmfLUWwtPt3gQHWuaDrFJ9H08VB1+s4ULDmFJvWgD\nJd96dp4r1H0psE0mi9yKdHqQ1cRKsNuBpTxJhLmCbl+bxbO6VTdoGX72s4CzBDuv\nxP3eg3OFy46DobgMA7IidFjFv7AMtKZb8sDn8xIQnHQ7+43o31hJICwAQ/VzZ50d\n6Mod6tKwUf/szYFxEmxdQ1QzQy5HFOu/trPDZmmKJ+IxQYpe6OimQAoYv7+bkMnv\nC+7wgKSF07J7RJ4=\n-----END CERTIFICATE-----","key":null,"root_cert":"-----BEGIN 
CERTIFICATE-----\nMIIESzCCAzOgAwIBAgIJAPinMDDbh9UYMA0GCSqGSIb3DQEBCwUAMIGwMQswCQYD\nVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ\nFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExMjAwBgNV\nBAoMKXNjLXJkb3BzLXZtMTItZGhjcC0xMTktMTIwLmVuZy52bXdhcmUuY29tMRsw\nGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwHhcNMjAwMjAzMTQzOTE4WhcNMzAw\nMTMxMTQzOTE4WjCBsDELMAkGA1UEAwwCQ0ExFzAVBgoJkiaJk/IsZAEZFgd2c3Bo\nZXJlMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI\nDApDYWxpZm9ybmlhMTIwMAYDVQQKDClzYy1yZG9wcy12bTEyLWRoY3AtMTE5LTEy\nMC5lbmcudm13YXJlLmNvbTEbMBkGA1UECwwSVk13YXJlIEVuZ2luZWVyaW5nMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPCxji6AMd7lv5IzXbmpzik1\nyj7GeGvtXqkfg1WaO200/tUcvgKrYUJln8/EiypkUIJCesaIztPAimAhK6blZDPu\nh1hlKRAcVp5rNf12Wa1Bd6z+puJ4tA8I39bED4yUY+bfaVyo86pFh4DuObEtDJoK\nOnhek59P2ZOM6bQs0AV0jOhL3bvjsjEMQ4ocMzhDDybUJ2FRmp68YwFi2bCKKuLV\nCgP3t+X3DXTdjiZSUICO7mZs/VRgOSw3tt3DvBFiclSH/oIhN+7mUOs0gKoD6a11\nY3i9sHUyULaTe+3/lg4DRF+vv2UZ90l6QOcZsIMt3hoqkCG3ZPhkv0NnxOkcyQID\nAQABo2YwZDAdBgNVHQ4EFgQUcguYRHLZMlS7I+IHEmk1ZZQcbpIwHwYDVR0RBBgw\nFoEOZW1haWxAYWNtZS5jb22HBH8AAAEwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB\n/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBABYgtMn7+S/4LL754it6nDlo\nToey6r1qXCw/KRrfBDk52aoF+VMtSadNp6EAk2AxmX9GtU+ucsqApcjxiPRIooOK\nbly8+/zLVFpbO83M2jGYT9Te/R8sncbPzNCr0KmtSpsPn0BBGGgZitGRBwvYpeeJ\njOalWy2zZHE8eqsP8qSh/Qug5hwBue68YqoyzwYQbiffeIakUl0bG1rXia9+ZIdI\nk+MCU7686vIXd9GUev2gyRptlbjkrn/Wx8KOKkSQx7VM+ahinyx09U1YsU3OR+H8\nrnLzdGnPbwt7igLaAP1uaXLsOxKfCLTpa0N7Z6bmp5E4LhI/uNO8V5xOPRD1jvY=\n-----END CERTIFICATE-----"} }' --url https://<server>/api/vcenter/certificate-management/vcenter/tls/ --header 'vmware-api-session-id:6c12e3392f1aec9c99556d23c9fe4cc0'
Replace the TLS Certificate by Providing a Generated Certificate and Private Key
This example replaces the existing TLS certificate with another certificate obtained from a CSR that you generated externally. The third-party root certificate is already present in the trusted root store, so the custom certificate and the private key are provided as input.
curl -i --insecure -H 'Content-Type:application/json' --request PUT --data-ascii '{"spec":{"cert":"-----BEGIN CERTIFICATE-----\nMIIEVzCCAz+gAwIBAgIJAO3rzi2tfQt2MA0GCSqGSIb3DQEBCwUAMIGwMQswCQYD\nVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ\nFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExMjAwBgNV\nBAoMKXNjLXJkb3BzLXZtMTItZGhjcC0xMTktMTIwLmVuZy52bXdhcmUuY29tMRsw\nGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwHhcNMjAwMjA2MTQzOTE4WhcNMjIw\nMjA2MDIzOTE4WjBBMTIwMAYDVQQDDClzYy1yZG9wcy12bTEyLWRoY3AtMTE5LTEy\nMC5lbmcudm13YXJlLmNvbTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQCX/IAUNuRK8E0VPISX/899ded41orLLb4qMcn8nM8UlulB\nIQ6c5dEGH90jz//sOvABskiQAOu5zoS0N42LMP5nfOflqksaMuxkjBoA+nn9pfQe\n3nticFDBXoufz9ADZPhIwnR4mWFngGURm2GZPxOZDgYvFlgmbDA8cMAVl/7Clvye\n4Moz9gD+vCwd/5ZOAx7qs7Xhd95h7Sh79MSquTQufwHgxOlhnWlSFwqzzeztjAhd\nLJQnV0vtd3wPiOL32rWXWuyVlKYN/xKliuy3W73xKxyXpW6GDomY9ZIBbq1LbHMe\nrxsRWJ4XCtLDvz/j2dG7pkAMqJtXwyHDar32scmRAgMBAAGjgeEwgd4wCwYDVR0P\nBAQDAgOoMDQGA1UdEQQtMCuCKXNjLXJkb3BzLXZtMTItZGhjcC0xMTktMTIwLmVu\nZy52bXdhcmUuY29tMB0GA1UdDgQWBBRVjbTf4YMZ3jO6KiDl6aVIXlMZXjAfBgNV\nHSMEGDAWgBRyC5hEctkyVLsj4gcSaTVllBxukjBZBggrBgEFBQcBAQRNMEswSQYI\nKwYBBQUHMAKGPWh0dHBzOi8vc2MtcmRvcHMtdm0xMi1kaGNwLTExOS0xMjAuZW5n\nLnZtd2FyZS5jb20vYWZkL3ZlY3MvY2EwDQYJKoZIhvcNAQELBQADggEBAEnny7ss\n7V6jOYHd/jwzTSM9wKqUyIJE2gZqPs7gXyajt4czRQLczh9bgb9CP5GsO+cQ48GE\nRfEPJXFwTapY+8LHiKQTkMVRmfLUWwtPt3gQHWuaDrFJ9H08VB1+s4ULDmFJvWgD\nJd96dp4r1H0psE0mi9yKdHqQ1cRKsNuBpTxJhLmCbl+bxbO6VTdoGX72s4CzBDuv\nxP3eg3OFy46DobgMA7IidFjFv7AMtKZb8sDn8xIQnHQ7+43o31hJICwAQ/VzZ50d\n6Mod6tKwUf/szYFxEmxdQ1QzQy5HFOu/trPDZmmKJ+IxQYpe6OimQAoYv7+bkMnv\nC+7wgKSF07J7RJ4=\n-----END CERTIFICATE-----","key":"-----BEGIN PRIVATE 
KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCX/IAUNuRK8E0V\nPISX/899ded41orLLb4qMcn8nM8UlulBIQ6c5dEGH90jz//sOvABskiQAOu5zoS0\nN42LMP5nfOflqksaMuxkjBoA+nn9pfQe3nticFDBXoufz9ADZPhIwnR4mWFngGUR\nm2GZPxOZDgYvFlgmbDA8cMAVl/7Clvye4Moz9gD+vCwd/5ZOAx7qs7Xhd95h7Sh7\n9MSquTQufwHgxOlhnWlSFwqzzeztjAhdLJQnV0vtd3wPiOL32rWXWuyVlKYN/xKl\niuy3W73xKxyXpW6GDomY9ZIBbq1LbHMerxsRWJ4XCtLDvz/j2dG7pkAMqJtXwyHD\nar32scmRAgMBAAECggEAIUnKe6LyKX+sQmR43hnHRkFWq17CE3I3XmJ9TPjDWk0b\nVYp5+t9TArZj5v4dnY3jF1wHDJNHDfEvm5E3TS8z6VKwL9s2i8xvfi45W9GAeo+o\ngkJUX+EdrtyYVC5d7wBkaPs+K1Pcw6CZglu36qqoDjPGIvYP5Ip5niNLzu71e4Tj\n8fdWIgGLja05Z1CeWQnUVVqMHzrcyreCdGSxmiqzwY5ReuoruDrDtQrRnacZQ31t\nVKPEEm9J3tTgaNjqIJ1SptzN0cAdr4HngbhFr+ypRufaNNv+UcVm073McC1ZXns1\nhrUhjpF7e7EtF8zI3SyMdrMXG2itrKks5jtNdybKqQKBgQDHrjVb21xyBX3ircxC\nujHY+x0mUeKcbkLdJn2luDgXOxyepJljrGrDBvbUop5bekvCTSuHpSTXnasa9Aj9\n42QI+GvJ2j34Wr2H86IaBJeIBtMcgbbPQa1VM7wSHaPyK1azukfqGRbDWmjmsRu9\nQTQWnMT4q5uxO7E/URK7ZVMyWwKBgQDC2pE/c9JH5e6nPUy6qxtDT5g/IU+hYA83\n0wmCMz0zIe6Dvl6yW99vC3toCBzurgWncGYx4vrXFBMEunR2lY+xE4MCXqJ8e6eS\n+hvFCIueCtqsbZGKFWhvVjJTqPoJbEPC2odcRyO/m2mWBUPMFF9KRpaN/u1vRpKf\npfQ2UPIfgwKBgCodzXVddEc8b0vjeoTMfv0UIhbWCKUUAJhiqPfOPk5wEl5Hu26x\njCcsjd1Vm28SAW6vFjJbG8U6pT9fH5JlZtEZjKqblJyQjw9gzN0OAOQZBGgr1+Ip\nKSUib1Wm2NCYYYYxEUAIIKv9osidrIsjeJgYYtdMYt9kBsOjFv9dpMmnAoGALo6g\nw+N9q/Yxhr4r1jJKClQ7UWI5L5rPKAyBqh1qEwyZe9sBr2YqRdMdgmbl2tWzviUq\nFeNhAgDm5mtSpn7n3WyHEgrgkhPNn12pQvPewD1hsG9hpfelg2y6C6lFTPkUW7tx\nOkg5L3AH03OglmOLvSiOkpEF1F+tav3xEwVWRNcCgYEAhlb1eXHMpasnSNxp5GGn\nBtwrMkucP62AjNvp7gciDDOQKfrwQol2p3XHDr7WMrUSVoXZ9QhP/4usujIdB4xw\naZlv2bHHbkXnbfQrR1QEExhk+MfCKjuZ1q90mwE66iOXy69yLUaZUYDxG0SX97Gt\nWlQZwaQLpbmJXnXWNCRQMg8=\n-----END PRIVATE KEY-----""} }' --url https://<server>/api/vcenter/certificate-management/vcenter/tls/ --header 'vmware-api-session-id:4a0942a047adf40e1f64d46d48283f88'
Replace the TLS Certificate by Providing a Generated Certificate, Private Key, and CA Certificate
This example replaces the existing TLS certificate with another certificate obtained from a CSR that you generated externally. The third-party root certificate is not present in the trusted root store, so the custom certificate, its private key, and the CA certificate are provided as input.
curl -i --insecure -H 'Content-Type:application/json' --request PUT --data-ascii '{"spec":{"cert":"-----BEGIN CERTIFICATE-----\nMIIEVzCCAz+gAwIBAgIJAO3rzi2tfQt2MA0GCSqGSIb3DQEBCwUAMIGwMQswCQYD\nVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ\nFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExMjAwBgNV\nBAoMKXNjLXJkb3BzLXZtMTItZGhjcC0xMTktMTIwLmVuZy52bXdhcmUuY29tMRsw\nGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwHhcNMjAwMjA2MTQzOTE4WhcNMjIw\nMjA2MDIzOTE4WjBBMTIwMAYDVQQDDClzYy1yZG9wcy12bTEyLWRoY3AtMTE5LTEy\nMC5lbmcudm13YXJlLmNvbTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQCX/IAUNuRK8E0VPISX/899ded41orLLb4qMcn8nM8UlulB\nIQ6c5dEGH90jz//sOvABskiQAOu5zoS0N42LMP5nfOflqksaMuxkjBoA+nn9pfQe\n3nticFDBXoufz9ADZPhIwnR4mWFngGURm2GZPxOZDgYvFlgmbDA8cMAVl/7Clvye\n4Moz9gD+vCwd/5ZOAx7qs7Xhd95h7Sh79MSquTQufwHgxOlhnWlSFwqzzeztjAhd\nLJQnV0vtd3wPiOL32rWXWuyVlKYN/xKliuy3W73xKxyXpW6GDomY9ZIBbq1LbHMe\nrxsRWJ4XCtLDvz/j2dG7pkAMqJtXwyHDar32scmRAgMBAAGjgeEwgd4wCwYDVR0P\nBAQDAgOoMDQGA1UdEQQtMCuCKXNjLXJkb3BzLXZtMTItZGhjcC0xMTktMTIwLmVu\nZy52bXdhcmUuY29tMB0GA1UdDgQWBBRVjbTf4YMZ3jO6KiDl6aVIXlMZXjAfBgNV\nHSMEGDAWgBRyC5hEctkyVLsj4gcSaTVllBxukjBZBggrBgEFBQcBAQRNMEswSQYI\nKwYBBQUHMAKGPWh0dHBzOi8vc2MtcmRvcHMtdm0xMi1kaGNwLTExOS0xMjAuZW5n\nLnZtd2FyZS5jb20vYWZkL3ZlY3MvY2EwDQYJKoZIhvcNAQELBQADggEBAEnny7ss\n7V6jOYHd/jwzTSM9wKqUyIJE2gZqPs7gXyajt4czRQLczh9bgb9CP5GsO+cQ48GE\nRfEPJXFwTapY+8LHiKQTkMVRmfLUWwtPt3gQHWuaDrFJ9H08VB1+s4ULDmFJvWgD\nJd96dp4r1H0psE0mi9yKdHqQ1cRKsNuBpTxJhLmCbl+bxbO6VTdoGX72s4CzBDuv\nxP3eg3OFy46DobgMA7IidFjFv7AMtKZb8sDn8xIQnHQ7+43o31hJICwAQ/VzZ50d\n6Mod6tKwUf/szYFxEmxdQ1QzQy5HFOu/trPDZmmKJ+IxQYpe6OimQAoYv7+bkMnv\nC+7wgKSF07J7RJ4=\n-----END CERTIFICATE-----","key":"-----BEGIN PRIVATE 
KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCX/IAUNuRK8E0V\nPISX/899ded41orLLb4qMcn8nM8UlulBIQ6c5dEGH90jz//sOvABskiQAOu5zoS0\nN42LMP5nfOflqksaMuxkjBoA+nn9pfQe3nticFDBXoufz9ADZPhIwnR4mWFngGUR\nm2GZPxOZDgYvFlgmbDA8cMAVl/7Clvye4Moz9gD+vCwd/5ZOAx7qs7Xhd95h7Sh7\n9MSquTQufwHgxOlhnWlSFwqzzeztjAhdLJQnV0vtd3wPiOL32rWXWuyVlKYN/xKl\niuy3W73xKxyXpW6GDomY9ZIBbq1LbHMerxsRWJ4XCtLDvz/j2dG7pkAMqJtXwyHD\nar32scmRAgMBAAECggEAIUnKe6LyKX+sQmR43hnHRkFWq17CE3I3XmJ9TPjDWk0b\nVYp5+t9TArZj5v4dnY3jF1wHDJNHDfEvm5E3TS8z6VKwL9s2i8xvfi45W9GAeo+o\ngkJUX+EdrtyYVC5d7wBkaPs+K1Pcw6CZglu36qqoDjPGIvYP5Ip5niNLzu71e4Tj\n8fdWIgGLja05Z1CeWQnUVVqMHzrcyreCdGSxmiqzwY5ReuoruDrDtQrRnacZQ31t\nVKPEEm9J3tTgaNjqIJ1SptzN0cAdr4HngbhFr+ypRufaNNv+UcVm073McC1ZXns1\nhrUhjpF7e7EtF8zI3SyMdrMXG2itrKks5jtNdybKqQKBgQDHrjVb21xyBX3ircxC\nujHY+x0mUeKcbkLdJn2luDgXOxyepJljrGrDBvbUop5bekvCTSuHpSTXnasa9Aj9\n42QI+GvJ2j34Wr2H86IaBJeIBtMcgbbPQa1VM7wSHaPyK1azukfqGRbDWmjmsRu9\nQTQWnMT4q5uxO7E/URK7ZVMyWwKBgQDC2pE/c9JH5e6nPUy6qxtDT5g/IU+hYA83\n0wmCMz0zIe6Dvl6yW99vC3toCBzurgWncGYx4vrXFBMEunR2lY+xE4MCXqJ8e6eS\n+hvFCIueCtqsbZGKFWhvVjJTqPoJbEPC2odcRyO/m2mWBUPMFF9KRpaN/u1vRpKf\npfQ2UPIfgwKBgCodzXVddEc8b0vjeoTMfv0UIhbWCKUUAJhiqPfOPk5wEl5Hu26x\njCcsjd1Vm28SAW6vFjJbG8U6pT9fH5JlZtEZjKqblJyQjw9gzN0OAOQZBGgr1+Ip\nKSUib1Wm2NCYYYYxEUAIIKv9osidrIsjeJgYYtdMYt9kBsOjFv9dpMmnAoGALo6g\nw+N9q/Yxhr4r1jJKClQ7UWI5L5rPKAyBqh1qEwyZe9sBr2YqRdMdgmbl2tWzviUq\nFeNhAgDm5mtSpn7n3WyHEgrgkhPNn12pQvPewD1hsG9hpfelg2y6C6lFTPkUW7tx\nOkg5L3AH03OglmOLvSiOkpEF1F+tav3xEwVWRNcCgYEAhlb1eXHMpasnSNxp5GGn\nBtwrMkucP62AjNvp7gciDDOQKfrwQol2p3XHDr7WMrUSVoXZ9QhP/4usujIdB4xw\naZlv2bHHbkXnbfQrR1QEExhk+MfCKjuZ1q90mwE66iOXy69yLUaZUYDxG0SX97Gt\nWlQZwaQLpbmJXnXWNCRQMg8=\n-----END PRIVATE KEY-----","root_cert":"-----BEGIN 
CERTIFICATE-----\nMIIESzCCAzOgAwIBAgIJAPinMDDbh9UYMA0GCSqGSIb3DQEBCwUAMIGwMQswCQYD\nVQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFTATBgoJkiaJk/IsZAEZ\nFgVsb2NhbDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExMjAwBgNV\nBAoMKXNjLXJkb3BzLXZtMTItZGhjcC0xMTktMTIwLmVuZy52bXdhcmUuY29tMRsw\nGQYDVQQLDBJWTXdhcmUgRW5naW5lZXJpbmcwHhcNMjAwMjAzMTQzOTE4WhcNMzAw\nMTMxMTQzOTE4WjCBsDELMAkGA1UEAwwCQ0ExFzAVBgoJkiaJk/IsZAEZFgd2c3Bo\nZXJlMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI\nDApDYWxpZm9ybmlhMTIwMAYDVQQKDClzYy1yZG9wcy12bTEyLWRoY3AtMTE5LTEy\nMC5lbmcudm13YXJlLmNvbTEbMBkGA1UECwwSVk13YXJlIEVuZ2luZWVyaW5nMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPCxji6AMd7lv5IzXbmpzik1\nyj7GeGvtXqkfg1WaO200/tUcvgKrYUJln8/EiypkUIJCesaIztPAimAhK6blZDPu\nh1hlKRAcVp5rNf12Wa1Bd6z+puJ4tA8I39bED4yUY+bfaVyo86pFh4DuObEtDJoK\nOnhek59P2ZOM6bQs0AV0jOhL3bvjsjEMQ4ocMzhDDybUJ2FRmp68YwFi2bCKKuLV\nCgP3t+X3DXTdjiZSUICO7mZs/VRgOSw3tt3DvBFiclSH/oIhN+7mUOs0gKoD6a11\nY3i9sHUyULaTe+3/lg4DRF+vv2UZ90l6QOcZsIMt3hoqkCG3ZPhkv0NnxOkcyQID\nAQABo2YwZDAdBgNVHQ4EFgQUcguYRHLZMlS7I+IHEmk1ZZQcbpIwHwYDVR0RBBgw\nFoEOZW1haWxAYWNtZS5jb22HBH8AAAEwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB\n/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBABYgtMn7+S/4LL754it6nDlo\nToey6r1qXCw/KRrfBDk52aoF+VMtSadNp6EAk2AxmX9GtU+ucsqApcjxiPRIooOK\nbly8+/zLVFpbO83M2jGYT9Te/R8sncbPzNCr0KmtSpsPn0BBGGgZitGRBwvYpeeJ\njOalWy2zZHE8eqsP8qSh/Qug5hwBue68YqoyzwYQbiffeIakUl0bG1rXia9+ZIdI\nk+MCU7686vIXd9GUev2gyRptlbjkrn/Wx8KOKkSQx7VM+ahinyx09U1YsU3OR+H8\nrnLzdGnPbwt7igLaAP1uaXLsOxKfCLTpa0N7Z6bmp5E4LhI/uNO8V5xOPRD1jvY=\n-----END CERTIFICATE-----"} }' --url https://<server>/api/vcenter/certificate-management/vcenter/tls/ --header 'vmware-api-session-id:4a0942a047adf40e1f64d46d48283f88'
Intermediate Root Certificates in a CA Certificate Chain
This example illustrates the use case where the CA certificate chain consists of one or more intermediate root certificates and how to order these certificates in the chain. The following list provides an example certificate chain configuration.
- CertificateA (Signed by CertificateB)
- CertificateB (Signed by CertificateC)
- CertificateC (Signed by RootCertificate)
- RootCertificate
The following command replaces a certificate (CertificateToReplace) that is signed by the first certificate from the list (CertificateA).
curl -i --insecure -H 'Content-Type:application/json' --request PUT --data-ascii '{"spec":{"cert":"<CertificateToReplace>","key":"<PrivateKey>","root_cert":"<CertificateA>\n<CertificateB>\n<CertificateC>\n<RootCertificate>"}}' --url https://<server>/api/vcenter/certificate-management/vcenter/tls/ --header 'vmware-api-session-id:4a0942a047adf40e1f64d46d48283f88'
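The following added example (not part of the original documentation) builds the `spec` body used by the replace commands above from PEM files, joining the chain in the order described in this section, and sends it on standard input so the private key is not placed on the curl command line. The function names and the `VC_HOST` and `VC_SESSION` variables are assumptions, and the sample PEM files are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example: build the {"spec":{...}} body for the TLS replace call from PEM files.

# Print a PEM file as the inside of a JSON string: carriage returns and blank
# lines dropped, lines joined with a literal backslash-n as in the payloads above.
pem_json() {
    grep -q -e '-----BEGIN ' "$1" || { echo "not PEM: $1" >&2; return 1; }
    # PEM never contains quotes or backslashes; refuse input that would need escaping.
    if grep -q '["\\]' "$1"; then echo "unexpected character in $1" >&2; return 1; fi
    awk '{ sub(/\r$/, "") } NF { printf "%s%s", sep, $0; sep = "\\n" }' "$1"
}

# build_tls_spec CERT KEY [CHAIN...]
# CHAIN files are given in the order this section describes: the certificate
# that signed CERT first, then each signer in turn, the root certificate last.
# Pass "" as KEY to send "key":null (private key already on vCenter Server).
build_tls_spec() {
    cert=$(pem_json "$1") || return 1
    key_field=null
    if [ -n "$2" ]; then
        key=$(pem_json "$2") || return 1
        key_field="\"$key\""
    fi
    shift 2
    chain=
    for f in "$@"; do
        part=$(pem_json "$f") || return 1
        chain="${chain:+$chain\\n}$part"
    done
    printf '{"spec":{"cert":"%s","key":%s' "$cert" "$key_field"
    [ -n "$chain" ] && printf ',"root_cert":"%s"' "$chain"
    printf '}}\n'
}

# Send the body on stdin (@-) instead of inline in the argument list.
# VC_HOST and VC_SESSION are assumed variables, not names from the documentation.
put_tls_spec() {
    body=$(build_tls_spec "$@") || return 1
    printf '%s' "$body" | curl -i --insecure -H 'Content-Type:application/json' \
        --request PUT --data-ascii @- \
        --url "https://$VC_HOST/api/vcenter/certificate-management/vcenter/tls/" \
        --header "vmware-api-session-id:$VC_SESSION"
}

# Offline demonstration with constructed placeholder files (CRLF line endings
# and a blank line included to exercise the clean-up in pem_json).
demo_payload() {
    d=$(mktemp -d) || return 1
    for n in LEAF KEY CERTA ROOT; do
        printf '%s\r\n' '-----BEGIN CONSTRUCTED-----' "$n" '' \
            '-----END CONSTRUCTED-----' >"$d/$n.pem"
    done
    out=$(build_tls_spec "$d/LEAF.pem" "$d/KEY.pem" "$d/CERTA.pem" "$d/ROOT.pem")
    rc=$?
    rm -rf "$d"
    printf '%s\n' "$out"
    return $rc
}

demo_payload
```

Calling `build_tls_spec` with only a certificate and a key omits `root_cert`, which matches the case where the third-party root is already in the trusted root store.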
Replace the TLS Certificate with a VMCA-Signed Certificate
This example replaces the existing TLS certificate with a VMCA-signed certificate.
curl --insecure -H 'Content-Type:application/json' --request POST --data-ascii '{"spec":{"organization": "VMware","organization_unit": "SSO","locality": "PA","state_or_province": "CA","country": "US","email_address":"[email protected]","subject_alt_name":["local.vmware.com,abc.eng.com,192.168.1.1"]}}' --url https://<server>/api/vcenter/certificate-management/vcenter/tls?action=replace-vmca-signed --header 'vmware-api-session-id:819f96e088f3358b4f588cb3932df171'
Create and Add Trusted Root Certificates
This example creates two trusted root certificate chains and publishes them to vCenter Server.
curl --insecure -H 'Content-Type:application/json' --request POST --data-ascii '{"spec":{"cert_chain":{"cert_chain":["-----BEGIN CERTIFICATE-----\nMIIDwjCCAqqgAwIBAgIJAI1OflMjc0LfMA0GCSqGSIb3DQEBCwUAMHYxCzAJBgNV\nBAYTAklOMQswCQYDVQQIDAJLQTEMMAoGA1UEBwwDQkxSMQ8wDQYDVQQKDAZWTXdh\ncmUxDDAKBgNVBAsMA1NTTzEMMAoGA1UEAwwDQ0ExMR8wHQYJKoZIhvcNAQkBFhBz\naWduMUB2bXdhcmUuY29tMB4XDTE5MDEwMjA2MTIyMloXDTI4MTIzMDA2MTIyMlow\ndjELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAktBMQwwCgYDVQQHDANCTFIxDzANBgNV\nBAoMBlZNd2FyZTEMMAoGA1UECwwDU1NPMQwwCgYDVQQDDANDQTExHzAdBgkqhkiG\n9w0BCQEWEHNpZ24xQHZtd2FyZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\nggEKAoIBAQDHuDDoAyGj6FGLZOIxMEK7oO2LhbfGbIbBiXTR5WWSkTsmsxy0Vge5\nhbVEkGW2OjgIxvmqBC/nVeH1b4gTJAZFmJ6lrh6Ri8HC5cyIePVJkz/PR08SbKmy\nmagd02N6ZqBgMEr3eQ2NTtqUOutvphRT5f+fyGKL5uPjOrhNn6v8GDrIF4wUY6aV\nWYDG6Mcay/cv814PZoTIJa0juIEfJXzOO0gxzAY6Jwi6k3DmLkps7zFErRbWUwYR\niaa46LKRHRlX71h0gsWfx7TNdCvQ8emiPXsYsqUkOy9+MSfr3CsQcPzNy8qDbImt\ngK6z2T4vvV7r5Iir5srD7yyWm5rKmtFDAgMBAAGjUzBRMB0GA1UdDgQWBBSv6kwh\nVWkFQ/se4wRz3PayMJTjgzAfBgNVHSMEGDAWgBSv6kwhVWkFQ/se4wRz3PayMJTj\ngzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC2yEXM2fTCYRvh\noD40MrDLK/g+mKSixvsXtebTga47fHi8LxnT6KXGc44ZMT/HTSzwk2alYG8EXHK1\nFZeNNFnhYmS24DLgrCq+9p/yThotbfWe6vaUZ87jgbAP9HRAsq/9HYW3s0lUBD4i\ne/FZrBGRjgdtXVQ0tm5N6TVRQq2IwVPQ3niv36KLFu9MmAMhlIIZ3y8sX4Bha13q\nmhOCM74/qw4d88kGgq9lnebpwhmmXl5IOScZX39gJpsgpWQ4a1lhOTWWLT5NYu3z\nxiS9Jc1hr0PWtKE5eWSVu6mMmEx9Tqov/KKMRBCP/pp4aHyn0NlWFtHl7MtWrGC7\nohzPCShe\n-----END CERTIFICATE-----","-----BEGIN 
CERTIFICATE-----\nMIID5jCCAs6gAwIBAgIBCDANBgkqhkiG9w0BAQsFADB2MQswCQYDVQQGEwJJTjEL\nMAkGA1UECAwCS0ExDDAKBgNVBAcMA0JMUjEPMA0GA1UECgwGVk13YXJlMQwwCgYD\nVQQLDANTU08xDDAKBgNVBAMMA0NBMTEfMB0GCSqGSIb3DQEJARYQc2lnbjFAdm13\nYXJlLmNvbTAeFw0xOTAxMDIwNjE3MDZaFw0yNDA2MjQwNjE3MDZaMGgxCzAJBgNV\nBAYTAklOMQswCQYDVQQIDAJLQTEPMA0GA1UECgwGVk13YXJlMQwwCgYDVQQLDANT\nU08xDDAKBgNVBAMMA0NBMjEfMB0GCSqGSIb3DQEJARYQc2lnbjJAdm13YXJlLmNv\nbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3s5ycFPQmgffQmZKaE\nM/0ymZgh/Kz3txTmWpAiEPGpGdrulDfwubDEbOXfHtsWfcvj48iDa6Nn4g5bNrej\naMoBEIKd0WeV9fwnL/i2wYFiKKhLYiWaHDm5BT79YVaBLEMK6BL/9wc2FoUI2vEf\nQyVSuDuKWSrwx3gB2IFC2q7BpzT3kgq1HmWKVA52nFpMgbe1zlRy9sV08bBTybMO\nzm/Z0c4+a5Y0P1fO6ThiCF+92s0jMow0Bm96qN3nQm6lMgbcY+5um7RgOuBY4iSF\nKTblVDMS/rZAQkPwcP/E8AxcywRazx46awCfe3NAasiVBuI/iADc63SmYs+z+0cS\n8qECAwEAAaOBjDCBiTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAsBglghkgB\nhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE\nFDexYpQDPTkuYf9M47ILnGOg5Fh/MB8GA1UdIwQYMBaAFK/qTCFVaQVD+x7jBHPc\n9rIwlOODMA0GCSqGSIb3DQEBCwUAA4IBAQAMKy6fM7ldYf/IlMSR/0zH4gTauR8Z\nERXkRD65SXa9YgOkp/U59mhlGsfxeAze47jXjD7GNTNpLogYFQkXP9yrIpyYKjRP\n0I8zo8faY/9hEJn2pHZTaYKgZICw0rlfCwGF/so1cxnkocoIsmA56lMPT5xcmyFc\nkvwEBgTb8WgXUTnR0MA20puGI8aaXsAHOwQYM8nexvrfSbJADYJtcG73YqjswNYk\niloSd/uslyhmvb1HVyix794SxAIEybs177ijKOxdicq3XogaeGhOIymvDcCv/55J\n5FgJY341cCZmESPyC1GkuX52OSoZartB1jhSd5cKKlaLobFbTTajs9oa\n-----END CERTIFICATE-----"]}}}' --url https://<server>/api/vcenter/certificate-management/vcenter/trusted-root-chains/ --header 'vmware-api-session-id:e594038d4c1023afe86b2c14b0b741f0'
List the Trusted Root Certificates
This example lists the IDs of all trusted root certificates that are published to vCenter Server.
curl --insecure --request GET --url https://<server>/api/vcenter/certificate-management/vcenter/trusted-root-chains/ --header 'vmware-api-session-id: e594038d4c1023afe86b2c14b0b741f0'
Get Trusted Root Certificate Information
This example retrieves information about a trusted root certificate with ID AFEA4C2155690543FB1EE30473DCF6B23094E383.
curl --insecure --request GET --url https://<server>/api/vcenter/certificate-management/vcenter/trusted-root-chains/AFEA4C2155690543FB1EE30473DCF6B23094E383 --header 'vmware-api-session-id: e594038d4c1023afe86b2c14b0b741f0'
Delete a Trusted Root Certificate
This example deletes the trusted root certificate with ID AFEA4C2155690543FB1EE30473DCF6B23094E383.
curl --insecure --request DELETE --url https://<server>/api/vcenter/certificate-management/vcenter/trusted-root-chains/AFEA4C2155690543FB1EE30473DCF6B23094E383 --header 'vmware-api-session-id: e594038d4c1023afe86b2c14b0b741f0'
Replace the Root Certificate
This example resets the VMCA root certificate by generating a new one. When you reset the VMCA root certificate, the TLS and solution user certificates are automatically regenerated by using the new VMCA certificate.
curl --insecure -H 'Content-Type:application/json' --request POST --url https://<server>/api/vcenter/certificate-management/vcenter/vmca-root/ --header 'vmware-api-session-id:1a0e5a003faa646e7fe7bf19f4baff96'