This topic describes how to manage and retrieve information about certificates in VMware Tanzu Operations Manager (Ops Manager) using the Ops Manager API.
The Ops Manager API includes endpoints for managing and retrieving information about certificates in an Ops Manager deployment.
For more information about Ops Manager API endpoints for managing certificates, see the Ops Manager API documentation.
To use the Ops Manager API, you must generate an access token by authenticating with the Ops Manager User Account and Authentication (UAA) server.
For more information about authenticating with UAA, see Using the Ops Manager API.
To generate and retrieve a new RSA certificate signed by the root certificate authority (CA):
Run:
curl "https://OPS-MANAGER-FQDN/api/v0/certificates/generate" \
-X POST \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-i
Where:
OPS-MANAGER-FQDN is the fully-qualified domain name (FQDN) of your Ops Manager deployment.
UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.
You can view the Ops Manager root CA as a file or in JSON format.
To retrieve the Ops Manager root CA as a file through the Ops Manager UI:
Navigate to the Ops Manager Installation Dashboard.
From the account menu dropdown in the upper-right corner of the screen, select Settings.
Select Advanced Options.
Select Download Root CA Cert. Your browser downloads the Ops Manager root CA certificate file.
To retrieve the Ops Manager root CA as a file through the Ops Manager API:
Run:
curl "https://OPS-MANAGER-FQDN/download_root_ca_cert" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-i
Where:
OPS-MANAGER-FQDN is the FQDN of your Ops Manager deployment.
UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.
To retrieve the Ops Manager root CA in JSON format:
Run:
curl "https://OPS-MANAGER-FQDN/api/v0/security/root_ca_certificate" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-i
Where:
OPS-MANAGER-FQDN is the FQDN of your Ops Manager deployment.
UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.
To view metadata from all deployed RSA certificates visible to Ops Manager, including the root CA and certificates that Ops Manager stores in CredHub:
Run:
curl "https://OPS-MANAGER-FQDN/api/v0/deployed/certificates" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-i
Where:
OPS-MANAGER-FQDN is the FQDN of your Ops Manager deployment.
UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.
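The metadata returned by the deployed certificates request above is commonly used to find certificates that are close to expiry. The following Python code is an added example, not part of the Ops Manager documentation, and its sample body is constructed. It assumes the response body (saved without the header output that -i adds) is a JSON object with a certificates array whose entries carry valid_until, product_guid, and property_reference fields; check those names against the Ops Manager API documentation.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample body. The field names (certificates, valid_until,
# product_guid, property_reference, is_ca) are assumptions about the response.
SAMPLE_BODY = """
{"certificates": [
  {"product_guid": "constructed-ops-manager", "property_reference": ".properties.constructed_root_ca",
   "is_ca": true, "valid_until": "2028-06-01T00:00:00Z"},
  {"product_guid": "constructed-product-a", "property_reference": ".properties.constructed_tls_a",
   "is_ca": false, "valid_until": "2025-02-15T00:00:00Z"},
  {"product_guid": "constructed-product-b", "property_reference": ".properties.constructed_tls_b",
   "is_ca": false, "valid_until": "2024-12-22T00:00:00Z"},
  {"product_guid": "constructed-product-c", "property_reference": ".properties.constructed_tls_c",
   "is_ca": false, "valid_until": "2025-06-01T00:00:00Z"}
]}
"""


def parse_utc(value):
    # fromisoformat() rejects a trailing "Z" before Python 3.11, so map it to an offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def expiring(body, now, window_days=90):
    """Return (days_left, product_guid, property_reference) tuples for certificates
    that have expired or expire within window_days, soonest first."""
    cutoff = now + timedelta(days=window_days)
    flagged = []
    for cert in json.loads(body).get("certificates", []):
        until = parse_utc(cert["valid_until"])
        if until <= cutoff:
            # Negative days_left means the certificate has already expired.
            flagged.append(((until - now).days, cert["product_guid"], cert["property_reference"]))
    return sorted(flagged)


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for days_left, product, reference in expiring(SAMPLE_BODY, now):
        state = "EXPIRED" if days_left < 0 else "expires soon"
        print(f"{state:12} {days_left:5d}d  {product}  {reference}")
```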