Add a Root Certificate to vCenter Server

You can use the Certificate Management vCenter Trusted Root Chains interface to add, delete and read trusted root certificate chains.
  • Verify that you are connected to a vSphere Automation API server.
  • Verify that the root certificate or certificate chain you want to add is available on your machine.
  • Verify that you have the required privileges: CertificateManagement.Manage and CertificateManagement.Administer.
If you want to use an enterprise or third-party certificate authority (CA) for certificate management of your vSphere environment, you must first establish trust with that CA. You can do this by adding the root certificate of the external CA to the trusted root store of your vCenter Server system.

Adding a root certificate or certificate chain to the vCenter Server trusted certificate store establishes trust with an enterprise or third-party certificate authority. You can add a root certificate to vCenter Server as a prerequisite for other scenarios, such as setting a third-party or enterprise machine SSL certificate.
  1. Retrieve the root certificates on your vCenter Server system.
     GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/certificate-management/vcenter/trusted-root-chains
  2. Populate the TrustedRootChains.CreateSpec data structure.
     Parameter    Type     Description
     cert_chain   String   Certificate or certificate chain in base64 encoding. The input must be a JSON string with newlines escaped as \n.
  3. Add the certificate or certificate chain.
     POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/certificate-management/vcenter/trusted-root-chains
     If the operation is successful, the system returns the unique identifier of the trusted root certificate you added.
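The three steps above carried through end to end, as an added Python example that is not VMware's code and not from this page. It uses only the standard library, assumes a session id obtained from POST /api/session with HTTP basic authentication and sent in the vmware-api-session-id header, and follows the page's parameter table in sending cert_chain as one JSON string. The PEM blocks in SAMPLE_CHAIN_PEM are constructed placeholders (a tiny DER SEQUENCE, not real certificates) so the escaping can be demonstrated offline; the host, user and file names in the usage comments are hypothetical.

```python
import base64
import binascii
import json
import re
import ssl
import urllib.request

TRUSTED_ROOT_CHAINS = "/api/vcenter/certificate-management/vcenter/trusted-root-chains"

# Constructed sample chain: two PEM blocks whose bodies decode to a tiny
# DER SEQUENCE. Placeholders standing in for a root CA file read from disk,
# not real certificates.
_FAKE_DER_B64 = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
SAMPLE_CHAIN_PEM = (
    "-----BEGIN CERTIFICATE-----\n" + _FAKE_DER_B64 + "\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n" + _FAKE_DER_B64 + "\n-----END CERTIFICATE-----\n"
)

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\n(.+?)\n-----END CERTIFICATE-----", re.S
)


def split_pem_chain(pem_text):
    """Return each PEM CERTIFICATE block in pem_text, rejecting any whose body
    is not valid base64 or does not decode to a DER SEQUENCE (tag 0x30).
    This catches a truncated or mis-pasted file before it reaches vCenter."""
    blocks = []
    for match in PEM_BLOCK.finditer(pem_text):
        body = "".join(match.group(1).split())
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError("PEM body is not valid base64") from exc
        if not der or der[0] != 0x30:
            raise ValueError("PEM body does not decode to a DER SEQUENCE")
        blocks.append(match.group(0))
    if not blocks:
        raise ValueError("no PEM CERTIFICATE blocks found")
    return blocks


def build_create_spec(pem_text):
    """Build the TrustedRootChains.CreateSpec body. As in the page's table,
    cert_chain is a single string; json.dumps() later turns each real newline
    into the two-character escape \\n that the API expects."""
    return {"cert_chain": "\n".join(split_pem_chain(pem_text)) + "\n"}


def encode_body(spec):
    """Serialise the spec; the result contains no raw newline bytes."""
    return json.dumps(spec).encode("utf-8")


def verified_context(cafile=None):
    """TLS context that verifies the vCenter server certificate. Do not
    disable verification while installing a new trust anchor."""
    return ssl.create_default_context(cafile=cafile)


def login(host, user, password, ctx=None):
    """POST /api/session with HTTP basic auth; returns the session id string."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"https://{host}/api/session", method="POST")
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.loads(resp.read())


def api_call(host, method, path, session_id=None, body=None, ctx=None):
    """Minimal vSphere Automation REST call returning the decoded JSON."""
    req = urllib.request.Request(f"https://{host}{path}", data=body, method=method)
    req.add_header("Content-Type", "application/json")
    if session_id:
        req.add_header("vmware-api-session-id", session_id)
    with urllib.request.urlopen(req, context=ctx) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def add_trusted_root_chain(host, session_id, pem_text, ctx=None):
    """Steps 1 to 3: list the existing chains, then POST the new one.
    Returns (existing_chains, new_chain_id)."""
    existing = api_call(host, "GET", TRUSTED_ROOT_CHAINS, session_id, ctx=ctx)
    body = encode_body(build_create_spec(pem_text))
    new_id = api_call(host, "POST", TRUSTED_ROOT_CHAINS, session_id, body, ctx)
    return existing, new_id


if __name__ == "__main__":
    # Offline: show the escaped body the page describes.
    print(encode_body(build_create_spec(SAMPLE_CHAIN_PEM)).decode())
    # Online (hypothetical values):
    # ctx = verified_context("vcenter-server-ca.pem")
    # sid = login("vcenter.example.com", "administrator@vsphere.local", "***", ctx)
    # with open("root-ca.pem") as f:
    #     print(add_trusted_root_chain("vcenter.example.com", sid, f.read(), ctx))
```

Running the file offline prints the JSON body with every line break encoded as \n, which is the form the API requires; the GET before the POST lets you compare the returned identifier list against what was present before the change.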