You can use HTTP requests to perform trust management operations.

You can establish and remove trust between a Workload vCenter Server and the hosts in a vSphere Trust Authority Cluster. You can also list all Workload vCenter Server instances that have established trust with the hosts in a vSphere Trust Authority Cluster. Some operations require you to specify parameters in the body of the HTTP request according to your vSphere Trust Authority environment. For details about the syntax of each HTTP request body, see the API Reference documentation.

Prerequisites

  • Verify that you have access to a working vSphere Trust Authority environment.
  • Verify that you have Trusted Infrastructure administrative privileges.

Procedure

  1. Establish trust between a vSphere Trust Authority Cluster and a Workload vCenter Server by creating a profile, so that the Workload vCenter Server can retrieve the health status of the vSphere Trust Authority components.
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/consumer-principals?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
  2. Remove the trust between a Workload vCenter Server and the hosts in the vSphere Trust Authority Cluster, so that the Workload vCenter Server stops using the hosts for attestation.
    DELETE https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/consumer-principals/<profile>?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
  3. List all profiles that the vSphere Trust Authority Cluster trusts.
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/consumer-principals?action=query&vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
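
The three requests in the procedure and the task polling they share, as an added Python example (not part of the original documentation and not VMware code). The function names are hypothetical, and the `vmware-api-session-id` header and the `status`/`error` task fields with `SUCCEEDED`/`FAILED` values are assumptions to check against the API Reference. Request bodies are passed in by the caller as described there.

```python
import json, time, urllib.request
from urllib.parse import quote

PATH = "/api/vcenter/trusted-infrastructure/trust-authority-clusters/{}/consumer-principals"

def trust_request(host, op, cluster, profile=None):
    """Return (method, url) for the 'establish', 'remove' or 'list' step."""
    # Percent-encode identifiers so they cannot alter the path or query string.
    base = f"https://{host}" + PATH.format(quote(cluster, safe=""))
    if op == "establish":
        return "POST", base + "?vmw-task=true"
    if op == "list":
        return "POST", base + "?action=query&vmw-task=true"
    if op == "remove" and profile:
        return "DELETE", f"{base}/{quote(profile, safe='')}?vmw-task=true"
    raise ValueError(f"unsupported operation or missing profile: {op!r}")

def task_url(host, task_id):
    return f"https://{host}/api/cis/tasks/{quote(task_id, safe=':')}"

def call(method, url, session_id, body=None):
    """Send one request with certificate verification left on (urllib default)."""
    data = None if body is None else json.dumps(body).encode()
    headers = {"vmware-api-session-id": session_id,  # assumed session header
               "Content-Type": "application/json"}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)  # with vmw-task=true this is the task ID

def wait_for_task(fetch, host, task_id, timeout=300, interval=2, sleep=time.sleep):
    """Poll the task until it ends; fetch(method, url) returns the decoded JSON body."""
    waited = 0
    while True:
        info = fetch("GET", task_url(host, task_id))
        status = info.get("status")  # assumed field name and values
        if status == "SUCCEEDED":
            return info
        if status == "FAILED":
            # Do not treat trust as established or removed when the task fails.
            raise RuntimeError(f"task {task_id} failed: {info.get('error')}")
        if waited >= timeout:
            raise TimeoutError(f"task {task_id} still {status} after {timeout}s")
        sleep(interval)
        waited += interval
```

In real use, pass `lambda m, u: call(m, u, session_id)` as `fetch`. After a remove, run the list step and confirm the profile is gone before treating the Workload vCenter Server as untrusted.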