Add a Root Certificate to vCenter Server
You can use the TrustedRootChains interface to add, delete and read trusted root certificate chains.
- Verify that the root certificate or certificate chain you want to add is available on your machine.
- Verify that you have the required privileges:and .
If you want to use an enterprise or third-party certificate authority (CA) for certificate management of your vSphere environment, you must first establish trust with that CA. You can do this by adding the root certificate of the external CA to the trusted root store of your vCenter Server system.

Adding a root certificate or certificate chain to the vCenter Server trusted certificate store establishes trust with an enterprise or third-party certificate authority. You can add a root certificate to vCenter Server as a prerequisite for other scenarios such as setting a third-party or enterprise machine SSL certificate.
- Retrieve the root certificates on your vCenter Server system by calling the list function of the TrustedRootChains interface.
- Create an X509CertChain instance with the root certificate you want to add.
- Create a specification with the new X509CertChain instance.
- To add the root certificate, call the create function of the TrustedRootChains interface.
If the operation is successful, the system returns the unique identifier of the trusted root certificate you added.
- Python
- This example shows how to add a root certificate or certificate chain to your vCenter Server system. The example is based on the code in the trusted_root_chains_create.py sample file. For related code samples, see the vsphere-automation-sdk-python VMware repository at GitHub.

```python
"""
Description: Demonstrates the import of the TRUSTED ROOT CHAIN into vCenter

Sample Prerequisites:
- The user invoking the API should have the CertificateManagement.Manage or
  the CertificateManagement.Administer privilege
"""
# Imports the sample relies on (vSphere Automation SDK for Python)
import requests

from com.vmware.vcenter.certificate_management.vcenter_client import TrustedRootChains
from com.vmware.vcenter.certificate_management_client import X509CertChain
from samples.vsphere.common import sample_cli, sample_util
from vmware.vapi.vsphere.client import create_vsphere_client

parser = sample_cli.build_arg_parser()
parser.add_argument('--certchain',
                    required=True,
                    help='The certificate chain to be imported into vCenter.')
args = sample_util.process_cli_args(parser.parse_args())

session = requests.session()
# TLS verification of the vCenter endpoint stays on unless --skipverification is passed
session.verify = False if args.skipverification else True

# Login to vCenter
vsphere_client = create_vsphere_client(server=args.server,
                                       username=args.username,
                                       password=args.password,
                                       session=session)

# Turn escaped newlines in the argument into real ones; certificates are comma-separated
cert_chain = args.certchain.encode(encoding='utf-8').decode('unicode_escape').split(',')

# Creation of the spec for input to the API
x509_cert_chain = X509CertChain(cert_chain=cert_chain)
cert_chain = TrustedRootChains.CreateSpec(cert_chain=x509_cert_chain)

print('The alias of the certificate chain successfully imported into vCenter listed below ')
print(vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains.create(cert_chain))
```
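A pre-check that can run before the create call, added here as an example (it is not VMware's sample code or part of the SDK): it splits a PEM bundle, requires every certificate's SHA-256 fingerprint to match a value confirmed with the CA out of band, and drops certificates already in the trusted store. The names vet_bundle, confirmed_fps and trusted_pems are assumptions, trusted_pems is assumed to hold what the list step returned, and the sample certificates are constructed placeholder bytes, not real CAs.

```python
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def split_pem_bundle(bundle):
    """Return every certificate in a PEM bundle as its own PEM string."""
    return [m.group(0) + "\n" for m in PEM_BLOCK.finditer(bundle)]


def fingerprint(pem):
    """SHA-256 of the DER encoding, as lowercase hex without colons."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def vet_bundle(bundle, confirmed_fps, trusted_pems=()):
    """Return the PEM strings that are safe to pass as cert_chain.

    confirmed_fps: fingerprints obtained from the CA out of band.
    trusted_pems:  certificates already in the store (assumed input).
    Raises ValueError if the bundle holds an unconfirmed certificate.
    """
    confirmed = {fp.replace(":", "").lower() for fp in confirmed_fps}
    present = {fingerprint(p) for p in trusted_pems}
    certs = split_pem_bundle(bundle)
    if not certs:
        raise ValueError("no certificate found in bundle")
    for pem in certs:
        if fingerprint(pem) not in confirmed:
            raise ValueError("unconfirmed certificate: " + fingerprint(pem))
    return [pem for pem in certs if fingerprint(pem) not in present]


# Constructed sample data: placeholder bytes wrapped as PEM, not real CAs.
ROOT = ssl.DER_cert_to_PEM_cert(b"constructed placeholder for a root CA")
EXTRA = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, unexpected CA")

if __name__ == "__main__":
    ok = vet_bundle(ROOT, [fingerprint(ROOT).upper()])
    print(len(ok), "certificate(s) ready for X509CertChain(cert_chain=...)")
    try:
        vet_bundle(ROOT + EXTRA, [fingerprint(ROOT)])
    except ValueError as err:
        print("rejected:", err)
```

The returned list has the shape the sample passes to X509CertChain(cert_chain=...); an empty list means every certificate in the bundle is already trusted.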