Managing Certificates with the Ops Manager API

This topic describes how to manage and retrieve information about certificates in PCF using the Ops Manager API.

Overview

The Ops Manager API includes endpoints for managing and retrieving information about certificates in a PCF deployment.

For more information about Ops Manager API endpoints for managing certificates, see Certificate Authorities in the Ops Manager API documentation.

Prerequisites

To use the Ops Manager API, you must generate an access token by authenticating with the Ops Manager User Account and Authentication (UAA) server.

For more information about authenticating with UAA, see Using Ops Manager API.

Generate a Single RSA Certificate

To generate and return a new RSA certificate signed by the root certificate authority (CA), use curl to make the following API call:

curl "https://OPS-MAN-FQDN/api/v0/certificates/generate" \
      -X POST \
      -H "Authorization: Bearer YOUR-UAA-ACCESS-TOKEN"

Where YOUR-UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.

Retrieve the Ops Manager Root CA

You can view the Ops Manager root CA as a file or in JSON format.

Retrieve the Ops Manager Root CA as a File, Using Ops Manager

To retrieve the Ops Manager Root CA as a file, do the following:

  1. Open Ops Manager.

  2. Select Settings from the account menu pull-down in the upper-right corner of the screen.

  3. Select Advanced Options.

  4. Select Download Root CA Cert. The Ops Manager Root CA certificate file is downloaded by your browser.

Retrieve the Ops Manager Root CA as a File, Using the API

To return the Ops Manager root CA as a file, use curl to make the following API call:

curl "https://OPS-MAN-FQDN/download_root_ca_cert" \
      -X GET \
      -H "Authorization: Bearer YOUR-UAA-ACCESS-TOKEN"

Where YOUR-UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.

Retrieve the Ops Manager Root CA as JSON

To return the Ops Manager root CA as JSON, use curl to make the following API call:

curl "https://OPS-MAN-FQDN/api/v0/security/root_ca_certificate" \
      -X GET \
      -H "Authorization: Bearer YOUR-UAA-ACCESS-TOKEN"

Where YOUR-UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.

List All RSA Certificates

To return metadata from all deployed RSA certificates visible to Ops Manager, except the root CAs, use curl to make the following API call:

curl "https://OPS-MAN-FQDN/api/v0/deployed/certificates" \
      -X GET \
      -H "Authorization: Bearer YOUR-UAA-ACCESS-TOKEN"

Where YOUR-UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.
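The calls above pass the bearer token on the curl command line and require it to contain no newline characters. The following added example, which is not part of the Ops Manager documentation, strips stray newlines from a token and hands the header to curl through `--config -` so the token stays out of the process list and shell history. The function names and the OPSMAN_TOKEN_FILE variable are assumptions.

```shell
#!/bin/sh
# Added example; function names and OPSMAN_TOKEN_FILE are hypothetical.

# Remove literal "\n" sequences, CR/LF, tabs and spaces that copy/paste can
# leave in a token, then reject anything outside the bearer-token alphabet.
clean_token() {
  _tok=$(printf '%s' "$1" | sed 's/\\n//g' | tr -d '\r\n\t ')
  case "$_tok" in
    ''|*[!A-Za-z0-9._~+/=-]*) return 1 ;;
  esac
  printf '%s' "$_tok"
}

# Emit a curl config line carrying the Authorization header.
auth_config() {
  _clean=$(clean_token "$1") || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$_clean"
}

# GET an API path from this page. $1 = OPS-MAN-FQDN, $2 = path.
# The token is read from the file named by OPSMAN_TOKEN_FILE and reaches curl
# on stdin (--config -), so it does not appear in argv or shell history.
opsman_get() {
  _cfg=$(auth_config "$(cat "$OPSMAN_TOKEN_FILE")") || {
    echo "token is empty or contains invalid characters" >&2
    return 1
  }
  printf '%s\n' "$_cfg" |
    curl --silent --show-error --fail --config - "https://$1$2"
}

# Usage:
#   OPSMAN_TOKEN_FILE=~/.opsman_token opsman_get OPS-MAN-FQDN /api/v0/deployed/certificates
```

Keep the token file readable only by its owner, for example with mode 600.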