This topic describes how you can use VMware Tanzu Operations Manager API endpoints to manage and retrieve information about certificates in your Tanzu Operations Manager deployment. For more information about the Tanzu Operations Manager API endpoints for managing certificates, see the Tanzu Operations Manager API documentation.
To use the Tanzu Operations Manager API, you must generate an access token by authenticating with the Tanzu Operations Manager user account and authentication (UAA) server.
For more information about authenticating with UAA, see Using the Tanzu Operations Manager API.
To generate and retrieve a new RSA certificate signed by the root certificate authority (CA):
Run:
curl "https://OPS-MANAGER-FQDN/api/v0/certificates/generate" \
-X POST \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-i
Where:
OPS-MANAGER-FQDN
is the fully-qualified domain name (FQDN) of your Tanzu Operations Manager deployment.UAA-ACCESS-TOKEN
is your Tanzu Operations Manager access token without any newline characters such as \n
.You can view the Tanzu Operations Manager root CA as a file or in JSON format.
To retrieve the Tanzu Operations Manager root CA as a file through the Tanzu Operations Manager UI:
Go to the Tanzu Operations Manager Installation Dashboard.
From the account drop-down menu, select Settings.
Click Advanced Options.
Click Download Root CA Cert. Your browser downloads the Tanzu Operations Manager root CA certificate file.
To retrieve the Tanzu Operations Manager root CA as a file through the Tanzu Operations Manager API:
Run:
curl "https://OPS-MANAGER-FQDN/download_root_ca_cert" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-i
Where:
OPS-MANAGER-FQDN
is the FQDN of your Tanzu Operations Manager deployment.UAA-ACCESS-TOKEN
is your Tanzu Operations Manager access token without any newline characters such as \n
.To retrieve the Tanzu Operations Manager root CA in JSON format:
Run:
curl "https://OPS-MANAGER-FQDN/api/v0/security/root_ca_certificate" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-i
Where:
OPS-MANAGER-FQDN
is the FQDN of your Tanzu Operations Manager deployment.UAA-ACCESS-TOKEN
is your Tanzu Operations Manager access token without any newline characters such as \n
.To view metadata from all deployed RSA certificates visible to Tanzu Operations Manager, including the root CA and certificates that Tanzu Operations Manager stores in CredHub:
Run:
curl "https://OPS-MANAGER-FQDN/api/v0/deployed/certificates" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-i
Where:
OPS-MANAGER-FQDN
is the FQDN of your Tanzu Operations Manager deployment.UAA-ACCESS-TOKEN
is your Tanzu Operations Manager access token without any newline characters such as \n
.