REST API - create

vcenter certificate management vcenter vmca root: create

Replace Root Certificate with VMCA signed one using the given Spec.

After this operation completes, the services using the certificate will be restarted for the new certificate to take effect.

. This operation was added in vSphere API 6.9.1.

Request:

HTTP request

POST https://{server}/rest/vcenter/certificate-management/vcenter/vmca-root

Request Body Structure:

{
    "spec"{
        "state_or_province""string",
        "country""string",
        "email_address""string",
        "organization""string",
        "locality""string",
        "subject_alt_name"[
            "string",
            "string"
        ],
        "common_name""string",
        "key_size"1,
        "organization_unit""string"
    }
}

Request Body Parameters:

Name Type Description
bold = required
spec create_spec Optional. The information needed to generate VMCA signed Root Certificate.
spec.key_size long The size of the key to be used for public and private key generation. This attribute was added in vSphere API 6.9.1.

Optional. If unset the key size will be 2048.

spec.common_name string The common name of the host for which certificate is generated. This attribute was added in vSphere API 6.9.1.

Optional. If unset the common name will be the primary network identifier (PNID) of the vCenter Virtual Server Appliance (VCSA).

spec.organization string Organization field in certificate subject. This attribute was added in vSphere API 6.9.1.

Optional. If unset the organization will be 'VMware'.

spec.organization_unit string Organization unit field in certificate subject. This attribute was added in vSphere API 6.9.1.

Optional. If unset the organization unit will be 'VMware Engineering'.

spec.locality string Locality field in certificate subject. This attribute was added in vSphere API 6.9.1.

Optional. If unset the locality will be 'Palo Alto'.

spec.state_or_province string State field in certificate subject. This attribute was added in vSphere API 6.9.1.

Optional. If unset the state will be 'California'.

spec.country string Country field in certificate subject. This attribute was added in vSphere API 6.9.1.

Optional. If unset the country will be 'US'.

spec.email_address string Email field in Certificate extensions. This attribute was added in vSphere API 6.9.1.

Optional. If unset the emailAddress will be 'email@acme.com'.

spec.subject_alt_name string[] SubjectAltName is list of Dns Names and Ip addresses. This attribute was added in vSphere API 6.9.1.

Optional. If unset PNID of host will be used as IPAddress or Hostname for certificate generation.

Response:

HTTP Status Code: 200

None

Errors:

HTTP Status Code Type Description
500 error If the system failed to renew the TLS certificate.