VMware vSphere SDKs and Tools 8.0

8.0 7.0 6.7 6.5

Add a Root Certificate to
vCenter Server

You can use the
TrustedRootChains
 interface to add, delete and read trusted root certificate chains.
  • Verify that the root certificate or certificate chain you want to add is available on your machine.
  • Verify that you have the required privileges:
    CertificateManagement
    Manage
     and
    CertificateManagement
    Administer
    .
If you want to use an enterprise or third-party certificate authority (CA) for certificate management of your vSphere environment, you must first establish trust with that CA. You can do this by adding the root certificate of the external CA to the trusted root store of your
vCenter Server
 system.
Adding a root certificate or certificate chain to the
vCenter Server
 trusted certificate store establishes trust with an enterprise or third-party certificate authority. You can add a root certificate to
vCenter Server
 as a prerequisite for other scenarios such as setting a third-party or enterprise machine SSL certificate.
  1. Retrieve the root certificates on your
    vCenter Server
     system by calling the
    list
     function of the
    TrustedRootChains
     interface.
  2. Create a
    X509CertChain
     instance with the root certificate you want to add.
  3. Create a specification with the new
    X509CertChain
     instance.
  4. To add the root certificate, call the
    create
     function of the
    TrustedRootChains
     interface.
If the operation is successful, the system returns the unique identifier of the trusted root certificate you added.
Python
This example shows how to add a root certificate or certificate chain to your
vCenter Server
 system. The example is based on the code in the
trusted_root_chains_create.py
 sample file.
For related code samples, see the
vsphere-automation-sdk-python
 VMware repository at GitHub. 
"""
Description: Demonstrates the import of the TRUSTED ROOT CHAIN into vCenter
Sample Prerequisites:
- The user invoking the API should have the CertificateManagement.Manage or the
CertificateManagement.Administer privilege
"""

parser = sample_cli.build_arg_parser()


parser.add_argument('--certchain',
                    required=True,
                    help='The certificate chain to be imported into vCenter.')

args = sample_util.process_cli_args(parser.parse_args())

session = requests.session()
session.verify = False if args.skipverification else True

# Login to vCenter
vsphere_client = create_vsphere_client(server=args.server,
                                       username=args.username,
                                       password=args.password,
                                       session=session)

cert_chain = args.certchain.encode(encoding='utf-8').decode('unicode_escape').split(',')

"""
Creation of the spec for input to the API
"""
x509_cert_chain = X509CertChain(cert_chain=cert_chain)
cert_chain = TrustedRootChains.CreateSpec(cert_chain=x509_cert_chain)

print('The alias of the certificate chain successfully imported into vCenter listed below ')
print(vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains.create(cert_chain))

Content feedback and comments