com.vmware.vcenter.certificate_management package
Submodules
com.vmware.vcenter.certificate_management.vcenter_client module
The com.vmware.vcenter.certificate_management.vcenter_client module provides classes to manage certificates.

class com.vmware.vcenter.certificate_management.vcenter_client.StubFactory(stub_config)
Bases: vmware.vapi.bindings.stub.StubFactoryBase
Initialize StubFactoryBase
- Parameters
  - stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance

class com.vmware.vcenter.certificate_management.vcenter_client.Tls(config)
Bases: vmware.vapi.bindings.stub.VapiInterface
The Tls interface provides methods to replace Tls certificate. This class was added in vSphere API 6.7.2.
- Parameters
  - config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class Info(version=None, serial_number=None, signature_algorithm=None, issuer_dn=None, valid_from=None, valid_to=None, subject_dn=None, thumbprint=None, is_ca=None, path_length_constraint=None, key_usage=None, extended_key_usage=None, subject_alternative_name=None, authority_information_access_uri=None, cert=None)
Bases: vmware.vapi.bindings.struct.VapiStruct
The Tls.Info class contains information from a TLS certificate. This class was added in vSphere API 6.7.2.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters
  - version (long) – Version (version number) value from the certificate. This attribute was added in vSphere API 6.7.2.
  - serial_number (str) – SerialNumber value from the certificate. This attribute was added in vSphere API 6.7.2.
  - signature_algorithm (str) – Signature algorithm name from the certificate. This attribute was added in vSphere API 6.7.2.
  - issuer_dn (str) – Issuer (issuer distinguished name) value from the certificate. This attribute was added in vSphere API 6.7.2.
  - valid_from (datetime.datetime) – validFrom specifies the start date of the certificate. This attribute was added in vSphere API 6.7.2.
  - valid_to (datetime.datetime) – validTo specifies the end date of the certificate. This attribute was added in vSphere API 6.7.2.
  - subject_dn (str) – Subject (subject distinguished name) value from the certificate. This attribute was added in vSphere API 6.7.2.
  - thumbprint (str) – Thumbprint value from the certificate. This attribute was added in vSphere API 6.7.2.
  - is_ca (bool) – Certificate constraints isCA from the critical BasicConstraints extension (OID = 2.5.29.19). This attribute was added in vSphere API 6.7.2.
  - path_length_constraint (long) – Certificate constraints path length from the critical BasicConstraints extension (OID = 2.5.29.19). This attribute was added in vSphere API 6.7.2.
  - key_usage (list of str) – Collection of key usage values contained in the certificate. This attribute was added in vSphere API 6.7.2.
  - extended_key_usage (list of str) – Collection of extended key usage values describing the purposes for which the certificate can be used. This attribute was added in vSphere API 6.7.2.
  - subject_alternative_name (list of str) – Collection of subject alternative names. This attribute was added in vSphere API 6.7.2.
  - authority_information_access_uri (list of str) – Collection of authority information access URIs. This attribute was added in vSphere API 6.7.2.
  - cert (str) – TLS certificate in PEM format. This attribute was added in vSphere API 6.7.2.

class ReplaceSpec(key_size=None, common_name=None, organization=None, organization_unit=None, locality=None, state_or_province=None, country=None, email_address=None, subject_alt_name=None)
Bases: vmware.vapi.bindings.struct.VapiStruct
The Tls.ReplaceSpec class contains information to generate a Private Key, CSR and hence VMCA signed machine SSL. This class was added in vSphere API 6.7.2.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters
  - key_size (long or None) – The size of the key to be used for public and private key generation. This attribute was added in vSphere API 6.7.2. If None the key size will be ‘2048’.
  - common_name (str or None) – The common name of the host for which certificate is generated. This attribute was added in vSphere API 6.7.2. If None will default to PNID of host.
  - organization (str) – Organization field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - organization_unit (str) – Organization unit field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - locality (str) – Locality field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - state_or_province (str) – State field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - country (str) – Country field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - email_address (str) – Email field in Certificate extensions. This attribute was added in vSphere API 6.7.2.
  - subject_alt_name (list of str or None) – SubjectAltName is a list of DNS names and IP addresses. This attribute was added in vSphere API 6.7.2. If None PNID of host will be used as IPAddress or Hostname for certificate generation.

class Spec(cert=None, key=None, root_cert=None)
Bases: vmware.vapi.bindings.struct.VapiStruct
The Tls.Spec class contains information for a Certificate and Private Key. This class was added in vSphere API 6.7.2.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters
  - cert (str) – Certificate string in PEM format. This attribute was added in vSphere API 6.7.2.
  - key (str or None) – Private key string in PEM format. This attribute was added in vSphere API 6.7.2. If None the private key from the certificate store will be used. It is required when replacing the certificate with a third party signed certificate.
  - root_cert (str or None) – Third party Root CA certificate in PEM format. This attribute was added in vSphere API 6.9.1. If None the new third party root CA certificate will not be added to the trust store. It is required when replacing the certificate with a third party signed certificate if the root certificate of the third party is not already a trusted root.

get()
Returns the rhttpproxy TLS certificate. This method was added in vSphere API 6.7.2.
- Return type
- Returns: TLS certificate.
- Raise: com.vmware.vapi.std.errors_client.NotFound if the rhttpproxy certificate is not present in VECS store.
- Raise: com.vmware.vapi.std.errors_client.Error if failed due to generic exception.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires System.Read.
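
A review of the Tls.Info attributes documented above, written as an added example that is not part of the SDK or of this reference. It runs against a stand-in object carrying the same attribute names; the sample values, the finding codes and the signature algorithm spellings are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace


def _utc(dt):
    # Assumption: naive datetimes are UTC, so comparisons never raise.
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_tls_info(info, now=None, warn_days=30):
    """Return finding codes for an object exposing the Tls.Info attributes."""
    now = _utc(now or datetime.now(timezone.utc))
    findings = []
    if now < _utc(info.valid_from):
        findings.append("NOT_YET_VALID")
    if now > _utc(info.valid_to):
        findings.append("EXPIRED")
    elif _utc(info.valid_to) - now <= timedelta(days=warn_days):
        findings.append("EXPIRES_SOON")
    # A machine (leaf) certificate should not carry the CA basic constraint.
    if info.is_ca:
        findings.append("LEAF_IS_CA")
    # Clients match host names against subject alternative names.
    if not info.subject_alternative_name:
        findings.append("NO_SAN")
    # Assumption: the algorithm name contains the digest name as a substring.
    alg = (info.signature_algorithm or "").upper().replace("-", "")
    if "SHA1" in alg or "MD5" in alg:
        findings.append("WEAK_SIGNATURE")
    return findings


# Constructed sample data, not output from a real vCenter.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
HEALTHY = SimpleNamespace(
    valid_from=datetime(2023, 6, 1), valid_to=datetime(2025, 6, 1),
    is_ca=False, subject_alternative_name=["vcsa.example.test"],
    signature_algorithm="SHA256withRSA")
RISKY = SimpleNamespace(
    valid_from=datetime(2022, 1, 1), valid_to=datetime(2024, 1, 15),
    is_ca=True, subject_alternative_name=[],
    signature_algorithm="SHA1withRSA")

if __name__ == "__main__":
    for name, info in (("healthy", HEALTHY), ("risky", RISKY)):
        print(name, audit_tls_info(info, now=NOW))
```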

renew(duration=None)
Renews the TLS certificate for the given duration period.
After this method completes, the services using the certificate will be restarted for the new certificate to take effect. This method was added in vSphere API 6.7.2.
- Parameters
  - duration (long or None) – The duration (in days) of the new TLS certificate. The duration should be less than or equal to 730 days. If None, the duration will be 730 days (two years).
- Raise: com.vmware.vapi.std.errors_client.Unsupported If the TLS certificate is not VMCA generated.
- Raise: com.vmware.vapi.std.errors_client.InvalidArgument If the duration period specified is invalid.
- Raise: com.vmware.vapi.std.errors_client.Error If the system failed to renew the TLS certificate.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires CertificateManagement.Administer.

replace_vmca_signed(spec)
Replace MACHINE SSL with VMCA signed one with the given Spec. The system will go for restart.
After this method completes, the services using the certificate will be restarted for the new certificate to take effect. This method was added in vSphere API 6.9.1.
- Parameters
  - spec (Tls.ReplaceSpec) – The information needed to generate VMCA signed Machine SSL
- Raise: com.vmware.vapi.std.errors_client.InvalidArgument If the Spec given is not complete or invalid
- Raise: com.vmware.vapi.std.errors_client.Error If the system failed to replace the machine ssl certificate
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires CertificateManagement.Administer.

set(spec)
Replaces the rhttpproxy TLS certificate with the specified certificate. This method can be used in three scenarios:
- When the CSR is created and the private key is already stored, this method can replace the certificate. The Tls.Spec.cert (but not Tls.Spec.key and Tls.Spec.root_cert) must be provided as input.
- When the certificate is signed by a third party certificate authority/VMCA and the root certificate of the third party certificate authority/VMCA is already one of the trusted roots in the trust store, this method can replace the certificate and private key. The Tls.Spec.cert and Tls.Spec.key (but not Tls.Spec.root_cert) must be provided as input.
- When the certificate is signed by a third party certificate authority and the root certificate of the third party certificate authority is not one of the trusted roots in the trust store, this method can replace the certificate, private key and root CA certificate. The Tls.Spec.cert, Tls.Spec.key and Tls.Spec.root_cert must be provided as input.
After this method completes, the services using the certificate will be restarted for the new certificate to take effect.
The above three scenarios are only supported from vSphere 7.0 onwards. This method was added in vSphere API 6.7.2.
- Parameters
  - spec (Tls.Spec) – The information needed to replace the TLS certificate.
- Raise: com.vmware.vapi.std.errors_client.NotFound If the private key is not present in the VECS store.
- Raise: com.vmware.vapi.std.errors_client.AlreadyExists If the specified certificate thumbprint is the same as the existing TLS certificate thumbprint.
- Raise: com.vmware.vapi.std.errors_client.Error If the system failed to replace the TLS certificate.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires CertificateManagement.Administer.
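
A pre-flight check for the three Tls.set scenarios described above, as an added example that is not part of the SDK or of this reference. It works on plain PEM strings so it runs without a vCenter; the function names are hypothetical, the PEM bodies are constructed placeholders, and accepting several CERTIFICATE blocks in one field is an assumption.

```python
import re

# Matches one PEM block and captures its label, e.g. "CERTIFICATE".
_PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s.*?-----END \1-----", re.S)


def pem_labels(text):
    """Return the labels of all PEM blocks found in text, in order."""
    return [m.group(1) for m in _PEM_BLOCK.finditer(text or "")]


def _only_certificates(labels):
    return bool(labels) and all(label == "CERTIFICATE" for label in labels)


def classify_tls_spec(cert, key=None, root_cert=None):
    """Return 1, 2 or 3 for the documented scenario, else raise ValueError."""
    # Also rejects a private key pasted into the cert field by mistake.
    if not _only_certificates(pem_labels(cert)):
        raise ValueError("cert must contain only PEM CERTIFICATE blocks")
    if key is not None:
        key_labels = pem_labels(key)
        if len(key_labels) != 1 or not key_labels[0].endswith("PRIVATE KEY"):
            raise ValueError("key must be exactly one PEM private key block")
    if root_cert is not None:
        if key is None:
            raise ValueError("root_cert without key is not a documented scenario")
        if not _only_certificates(pem_labels(root_cert)):
            raise ValueError("root_cert must contain only PEM CERTIFICATE blocks")
    if key is None:
        return 1  # CSR flow: the private key is already stored
    if root_cert is None:
        return 2  # the signing root is already a trusted root
    return 3      # third party CA whose root is not yet trusted


def _pem(label):
    # Constructed placeholder body, not real key or certificate material.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


CERT = _pem("CERTIFICATE")
KEY = _pem("PRIVATE KEY")
ROOT = _pem("CERTIFICATE")

if __name__ == "__main__":
    print(classify_tls_spec(CERT))
    print(classify_tls_spec(CERT, KEY))
    print(classify_tls_spec(CERT, KEY, ROOT))
```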

class com.vmware.vcenter.certificate_management.vcenter_client.TlsCsr(config)
Bases: vmware.vapi.bindings.stub.VapiInterface
The TlsCsr interface provides methods to generate certificate signing request. This class was added in vSphere API 6.7.2.
- Parameters
  - config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class Info(csr=None)
Bases: vmware.vapi.bindings.struct.VapiStruct
The TlsCsr.Info class contains information for a Certificate signing request. This class was added in vSphere API 6.7.2.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters
  - csr (str) – Certificate Signing Request in PEM format. This attribute was added in vSphere API 6.7.2.

class Spec(key_size=None, common_name=None, organization=None, organization_unit=None, locality=None, state_or_province=None, country=None, email_address=None, subject_alt_name=None)
Bases: vmware.vapi.bindings.struct.VapiStruct
The TlsCsr.Spec class contains information to generate a Private Key and CSR. This class was added in vSphere API 6.7.2.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters
  - key_size (long or None) – This attribute was added in vSphere API 6.7.2. keySize will take 2048 bits if not modified.
  - common_name (str or None) – This attribute was added in vSphere API 6.7.2. commonName will take PNID if not modified.
  - organization (str) – Organization field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - organization_unit (str) – Organization unit field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - locality (str) – Locality field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - state_or_province (str) – State field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - country (str) – Country field in certificate subject. This attribute was added in vSphere API 6.7.2.
  - email_address (str) – Email field in Certificate extensions. This attribute was added in vSphere API 6.7.2.
  - subject_alt_name (list of str or None) – This attribute was added in vSphere API 6.7.2. subjectAltName is a list of DNS names and IP addresses.

create(spec)
Generates a CSR with the given Spec. This method was added in vSphere API 6.7.2.
- Parameters
  - spec (TlsCsr.Spec) – The information needed to create a CSR.
- Return type
- Returns: A Certificate Signing Request.
- Raise: com.vmware.vapi.std.errors_client.Error If CSR could not be created for given spec for a generic error.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires CertificateManagement.Manage and CertificateManagement.Administer.

class com.vmware.vcenter.certificate_management.vcenter_client.TrustedRootChains(config)
Bases: vmware.vapi.bindings.stub.VapiInterface
The TrustedRootChains interface provides methods to create, modify, delete and read trusted root certificate chains. This class was added in vSphere API 6.7.2.
- Parameters
  - config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class CreateSpec(cert_chain=None, chain=None)
Bases: vmware.vapi.bindings.struct.VapiStruct
The TrustedRootChains.CreateSpec class contains information to create a trusted root certificate chain. This class was added in vSphere API 6.7.2.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters
  - cert_chain (com.vmware.vcenter.certificate_management_client.X509CertChain) – Certificate chain in base64 encoding. This attribute was added in vSphere API 6.7.2.
  - chain (str or None) – Unique identifier for this trusted root. Client can specify at creation as long as it is unique, otherwise one will be generated. An example of a client providing the identifier would be if this trusted root is associated with a VC trust. In this case the identifier would be the domain id. This attribute was added in vSphere API 6.7.2. A unique id will be generated if not given.

class Info(cert_chain=None)
Bases: vmware.vapi.bindings.struct.VapiStruct
The TrustedRootChains.Info class contains information for a trusted root certificate chain. This class was added in vSphere API 6.7.2.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters
  - cert_chain (com.vmware.vcenter.certificate_management_client.X509CertChain) – A certificate chain in base64 encoding. This attribute was added in vSphere API 6.7.2.

class Summary(chain=None)
Bases: vmware.vapi.bindings.struct.VapiStruct
The TrustedRootChains.Summary class contains a trusted root certificate chain summary suitable for UI presentation. This class was added in vSphere API 6.7.2.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters
  - chain (str) – Unique identifier for chain. This attribute was added in vSphere API 6.7.2.

create(spec)
Creates a new trusted root certificate chain from the CreateSpec. This method was added in vSphere API 6.7.2.
- Parameters
  - spec (TrustedRootChains.CreateSpec) – The information needed to create a trusted root certificate chain.
- Return type: str
- Returns: The unique identifier for the new trusted root chain.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if authorization is not given to caller.
- Raise: com.vmware.vapi.std.errors_client.AlreadyExists if a trusted root certificate chain exists with id in given spec.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires CertificateManagement.Manage and CertificateManagement.Administer.

delete(chain)
Deletes trusted root certificate chain for a given identifier. This method was added in vSphere API 6.7.2.
- Parameters
  - chain (str) – Unique identifier for a trusted root cert chain.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if authorization is not given to caller.
- Raise: com.vmware.vapi.std.errors_client.NotFound if a trusted root certificate chain does not exist for given id.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires CertificateManagement.Manage and CertificateManagement.Administer.

get(chain)
Retrieve a trusted root certificate chain for a given identifier. This method was added in vSphere API 6.7.2.
- Parameters
  - chain (str) – Unique identifier for a trusted root cert chain.
- Return type
- Returns: TrustedRootChain.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if authorization is not given to caller.
- Raise: com.vmware.vapi.std.errors_client.NotFound if a trusted root certificate chain does not exist for given id.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires System.Read.

list()
Returns summary information for each trusted root certificate chain. This method was added in vSphere API 6.7.2.
- Return type
- Returns: List of trusted root certificate chains summaries.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if authorization is not given to caller.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires System.Read.

class com.vmware.vcenter.certificate_management.vcenter_client.VmcaRoot(config)
Bases: vmware.vapi.bindings.stub.VapiInterface
The VmcaRoot interface provides methods to replace VMware Certificate Authority (VMCA) root certificate. This class was added in vSphere API 6.9.1.
- Parameters
  - config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class CreateSpec(key_size=None, common_name=None, organization=None, organization_unit=None, locality=None, state_or_province=None, country=None, email_address=None, subject_alt_name=None)
Bases: vmware.vapi.bindings.struct.VapiStruct
The VmcaRoot.CreateSpec contains information to generate a Private Key and CSR. This class was added in vSphere API 6.9.1.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters
  - key_size (long or None) – The size of the key to be used for public and private key generation. This attribute was added in vSphere API 6.9.1. If None the key size will be 2048.
  - common_name (str or None) – The common name of the host for which certificate is generated. This attribute was added in vSphere API 6.9.1. If None the common name will be the primary network identifier (PNID) of the vCenter Virtual Server Appliance (VCSA).
  - organization (str or None) – Organization field in certificate subject. This attribute was added in vSphere API 6.9.1. If None the organization will be ‘VMware’.
  - organization_unit (str or None) – Organization unit field in certificate subject. This attribute was added in vSphere API 6.9.1. If None the organization unit will be ‘VMware Engineering’.
  - locality (str or None) – Locality field in certificate subject. This attribute was added in vSphere API 6.9.1. If None the locality will be ‘Palo Alto’.
  - state_or_province (str or None) – State field in certificate subject. This attribute was added in vSphere API 6.9.1. If None the state will be ‘California’.
  - country (str or None) – Country field in certificate subject. This attribute was added in vSphere API 6.9.1. If None the country will be ‘US’.
  - email_address (str or None) – Email field in Certificate extensions. This attribute was added in vSphere API 6.9.1. If None the emailAddress will be ‘email@acme.com’.
  - subject_alt_name (list of str or None) – SubjectAltName is a list of DNS names and IP addresses. This attribute was added in vSphere API 6.9.1. If None PNID of host will be used as IPAddress or Hostname for certificate generation.

create(spec=None)
Replace Root Certificate with VMCA signed one using the given Spec.
After this method completes, the services using the certificate will be restarted for the new certificate to take effect. This method was added in vSphere API 6.9.1.
- Parameters
  - spec (VmcaRoot.CreateSpec or None) – The information needed to generate VMCA signed Root Certificate. Default values will be set for all null parameters.
- Raise: com.vmware.vapi.std.errors_client.Error If the system failed to renew the TLS certificate.
- Raise: com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:
  - Method execution requires CertificateManagement.Administer.