Managing certificates with the Tanzu Operations Manager API

This topic describes how you can use VMware Tanzu Operations Manager API endpoints to manage and retrieve information about certificates in your Tanzu Operations Manager deployment. For more information about the Tanzu Operations Manager API endpoints for managing certificates, see the Tanzu Operations Manager API documentation.

Prerequisites

To use the Tanzu Operations Manager API, you must generate an access token by authenticating with the Tanzu Operations Manager user account and authentication (UAA) server.

For more information about authenticating with UAA, see Using the Tanzu Operations Manager API.

Generate a single RSA certificate

To generate and retrieve a new RSA certificate signed by the root certificate authority (CA):

Run:
```
curl "https://OPS-MANAGER-FQDN/api/v0/certificates/generate" \
      -X POST \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
      -i
```
Where:
- OPS-MANAGER-FQDN is the fully-qualified domain name (FQDN) of your Tanzu Operations Manager deployment.
- UAA-ACCESS-TOKEN is your Tanzu Operations Manager access token without any newline characters such as \n.

Retrieve the Tanzu Operations Manager root CA

You can view the Tanzu Operations Manager root CA as a file or in JSON format.

Retrieve the Tanzu Operations Manager root CA as a file through the Tanzu Operations Manager UI

To retrieve the Tanzu Operations Manager root CA as a file through the Tanzu Operations Manager UI:

Go to the Tanzu Operations Manager Installation Dashboard.
From the account menu drop-down menu, select Settings.
Click Advanced Options.
Click Download Root CA Cert. Your browser downloads the Tanzu Operations Manager root CA certificate file.

Retrieve the Tanzu Operations Manager root CA as a file through the Tanzu Operations Manager API

To retrieve the Tanzu Operations Manager root CA as a file through the Tanzu Operations Manager API:

Run:
```
curl "https://OPS-MANAGER-FQDN/download_root_ca_cert" \
      -X GET \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
      -i
```
Where:
- OPS-MANAGER-FQDN is the FQDN of your Tanzu Operations Manager deployment.
- UAA-ACCESS-TOKEN is your Tanzu Operations Manager access token without any newline characters such as \n.

Retrieve the Tanzu Operations Manager root CA in JSON format

To retrieve the Tanzu Operations Manager root CA in JSON format:

Run:
```
curl "https://OPS-MANAGER-FQDN/api/v0/security/root_ca_certificate" \
      -X GET \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
      -i
```
Where:
- OPS-MANAGER-FQDN is the FQDN of your Tanzu Operations Manager deployment.
- UAA-ACCESS-TOKEN is your Tanzu Operations Manager access token without any newline characters such as \n.

List all RSA certificates

To view metadata from all deployed RSA certificates visible to Tanzu Operations Manager, including the root CA and certificates that Tanzu Operations Manager stores in CredHub:

Run:
```
curl "https://OPS-MANAGER-FQDN/api/v0/deployed/certificates" \
      -X GET \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
      -i
```
Where:
- OPS-MANAGER-FQDN is the FQDN of your Tanzu Operations Manager deployment.
- UAA-ACCESS-TOKEN is your Tanzu Operations Manager access token without any newline characters such as \n.