HTTP Requests for Certificate Management

You can use HTTP requests to generate a CSR, retrieve, renew, or replace certificates, retrieve, create, or delete trusted root certificate chains, and replace the VMCA root certificate.

HTTP Requests

The following HTTP requests show the syntax that you can use to perform the available user operations.

Note: Before you send requests, you must authenticate with administrator credentials.
  • Generate a CSR 
    POST https://<server>/api/vcenter/certificate-management/vcenter/tls-csr
  • Get TLS certificate
    GET https://<server>/api/vcenter/certificate-management/vcenter/tls
  • Renew TLS certificate
    POST https://<server>/api/vcenter/certificate-management/vcenter/tls?action=renew
  • Replace TLS certificate with a custom signed certificate
    PUT https://<server>/api/vcenter/certificate-management/vcenter/tls
  • Replace TLS certificate with a VMCA-signed certificate
    POST https://<server>/api/vcenter/certificate-management/vcenter/tls?action=replace-vmca-signed
  • Create a trusted root certificate chain 
    POST https://<server>/api/vcenter/certificate-management/vcenter/trusted-root-chains
  • List trusted root certificates 
    GET https://<server>/api/vcenter/certificate-management/vcenter/trusted-root-chains
  • Get trusted root certificate information 
    GET https://<server>/api/vcenter/certificate-management/vcenter/trusted-root-chains/{chain}
  • Delete a trusted root certificate 
    DELETE https://<server>/api/vcenter/certificate-management/vcenter/trusted-root-chains/{chain}
  • Replace the VMCA root certificate
    POST https://<server>/api/vcenter/certificate-management/vcenter/vmca-root

For information about the content and syntax of the HTTP request body, see the API Reference documentation.

HTTP Status Codes

HTTP Status Codes lists the status codes that you can receive when you send HTTP requests.

Table 1. HTTP Status Codes
HTTP Status Code Description Operations that Return the Status Code
200 The operation is successful. All operations. You can check the returned data in the results data structure.
400 The operation is unsuccessful.
  • Generate a CSR
  • Get TLS certificate
  • Renew TLS certificate
  • Replace TLS certificate with a custom signed certificate
  • Replace TLS certificate with a VMCA-signed certificate
  • Create a trusted root certificate chain
  • Replace the VMCA root certificate
403 There is an authorization issue.
  • Create a trusted root certificate chain
  • List trusted root certificates
  • Get trusted root certificate information
  • Delete a trusted root certificate
404 The object you are trying to perform an operation on is missing.
  • Get TLS certificate
  • Replace TLS certificate with a custom signed certificate
  • Get trusted root certificate information
  • Delete a trusted root certificate