Managing Certificates with the Ops Manager API

Warning: Pivotal Cloud Foundry (PCF) v2.4 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

This topic describes how to manage and retrieve information about certificates in PCF using the Ops Manager API.

Overview

The Ops Manager API includes endpoints for managing and retrieving information about certificates in a PCF deployment.

For more information about Ops Manager API endpoints for managing certificates, see Certificate Authorities in the Ops Manager API documentation.

Prerequisites

To use the Ops Manager API, you must generate an access token by authenticating with the Ops Manager User Account and Authentication (UAA) server.

For more information about authenticating with UAA, see Using Ops Manager API.

Generate a Single RSA Certificate

To generate and return a new RSA certificate signed by the root certificate authority (CA), use curl to make the following API call:

curl "https://OPS-MAN-FQDN/api/v0/certificates/generate" \
      -X POST \
      -H "Authorization: Bearer YOUR-UAA-ACCESS-TOKEN"

Where OPS-MAN-FQDN is the fully qualified domain name of your Ops Manager and YOUR-UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.

Retrieve the Ops Manager Root CA

You can view the Ops Manager root CA as a file or in JSON format.

Retrieve the Ops Manager Root CA as a File

To return the Ops Manager root CA as a file, use curl to make the following API call:

curl "https://OPS-MAN-FQDN/download_root_ca_cert" \
      -X GET \
      -H "Authorization: Bearer YOUR-UAA-ACCESS-TOKEN"

Where YOUR-UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.

Retrieve the Ops Manager Root CA as JSON

To return the Ops Manager root CA as JSON, use curl to make the following API call:

curl "https://OPS-MAN-FQDN/api/v0/security/root_ca_certificate" \
      -X GET \
      -H "Authorization: Bearer YOUR-UAA-ACCESS-TOKEN"

Where YOUR-UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.

List All RSA Certificates

To return metadata from all deployed RSA certificates visible to Ops Manager, except the root CAs, use curl to make the following API call:

curl "https://OPS-MAN-FQDN/api/v0/deployed/certificates" \
      -X GET \
      -H "Authorization: Bearer YOUR-UAA-ACCESS-TOKEN"

Where YOUR-UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.
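
The following Python sketch is an added example, not part of the Ops Manager documentation. It builds the Authorization header from a token with the stray newline removed, calls the list endpoint above, and reports certificates that have expired or will expire soon. The response field names (certificates, valid_until, property_reference), the ca_file parameter, and the sample data are assumptions to confirm against the Ops Manager API documentation.

```python
import json
import ssl
import urllib.request
from datetime import datetime, timedelta, timezone

def bearer_header(token):
    """Authorization header from a token; the trailing newline left by a file
    read is stripped, and whitespace inside the token is rejected."""
    cleaned = token.strip()
    if not cleaned or any(ch.isspace() for ch in cleaned):
        raise ValueError("access token is empty or contains whitespace")
    return {"Authorization": "Bearer " + cleaned}

def fetch_deployed_certificates(fqdn, token, ca_file):
    """GET /api/v0/deployed/certificates over TLS verified against ca_file,
    the CA bundle that signed the Ops Manager TLS certificate (assumed)."""
    req = urllib.request.Request(
        "https://%s/api/v0/deployed/certificates" % fqdn,
        headers=bearer_header(token))
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)

def expiring(listing, now, within_days=30):
    """Return (valid_until, property_reference) pairs, soonest first, for
    certificates already expired or expiring within within_days of now."""
    cutoff = now + timedelta(days=within_days)
    hits = []
    for cert in listing.get("certificates", []):  # assumed top-level key
        until = datetime.fromisoformat(cert["valid_until"].replace("Z", "+00:00"))
        if until <= cutoff:
            hits.append((until, cert.get("property_reference", "")))
    return sorted(hits)

# Constructed sample response; field names are assumptions, values are made up.
SAMPLE = {"certificates": [
    {"property_reference": ".properties.example_a", "valid_until": "2019-03-01T00:00:00Z"},
    {"property_reference": ".properties.example_b", "valid_until": "2021-01-01T00:00:00Z"},
    {"property_reference": ".properties.example_c", "valid_until": "2019-01-15T00:00:00Z"},
]}

if __name__ == "__main__":
    now = datetime(2019, 2, 15, tzinfo=timezone.utc)
    for until, ref in expiring(SAMPLE, now):
        print(until.isoformat(), ref)
```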