Managing Certificates with the Ops Manager API

This topic describes how to manage and retrieve information about certificates in Ops Manager using the Ops Manager API.

Overview

The Ops Manager API includes endpoints for managing and retrieving information about certificates in an Ops Manager deployment.

For more information about Ops Manager API endpoints for managing certificates, see Certificate Authorities in the Ops Manager API documentation.

Prerequisites

To use the Ops Manager API, you must generate an access token by authenticating with the Ops Manager User Account and Authentication (UAA) server.

For more information about authenticating with UAA, see Using Ops Manager API.

Generate a Single RSA Certificate

To generate and return a new RSA certificate signed by the root certificate authority (CA):

  1. Use curl to make a call to the Ops Manager API. Run:

    curl "https://OPS-MANAGER-FQDN/api/v0/certificates/generate" \
          -X POST \
          -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    

    Where:

    • OPS-MANAGER-FQDN is the fully-qualified domain name (FQDN) of your Ops Manager deployment.
    • UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.

Retrieve the Ops Manager Root CA

You can view the Ops Manager root CA as a file or in JSON format.

Retrieve the Ops Manager Root CA as a File, Using Ops Manager

To retrieve the Ops Manager Root CA as a file:

  1. Navigate to the Ops Manager Installation Dashboard.

  2. Select Settings from the account menu pull-down in the upper-right corner of the screen.

  3. Select Advanced Options.

  4. Select Download Root CA Cert. The Ops Manager Root CA certificate file is downloaded by your browser.

Retrieve the Ops Manager Root CA as a File

To return the Ops Manager root CA as a file:

  1. Use curl to make a call to the Ops Manager API. Run:

    curl "https://OPS-MANAGER-FQDN/download_root_ca_cert" \
          -X GET \
          -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    

    Where:

    • OPS-MANAGER-FQDN is the fully-qualified domain name (FQDN) of your Ops Manager deployment.
    • UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.

Retrieve the Ops Manager Root CA as JSON

To return the Ops Manager root CA as JSON:

  1. Use curl to make a call to the Ops Manager API. Run:

    curl "https://OPS-MANAGER-FQDN/api/v0/security/root_ca_certificate" \
          -X GET \
          -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    

    Where:

    • OPS-MANAGER-FQDN is the fully-qualified domain name (FQDN) of your Ops Manager deployment.
    • UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.
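
The following Python check is an added example, not part of the original Ops Manager documentation. It confirms that the root CA returned as JSON and the root CA downloaded as a file are the same certificate by comparing SHA-256 fingerprints of the DER bytes, optionally against a pinned fingerprint. It assumes the JSON response carries the PEM in a field named root_ca_certificate_pem; the function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import ssl

def fingerprint(pem: str) -> str:
    """SHA-256 of the DER bytes, so PEM line wrapping and CRLF do not matter."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()

def pem_from_json(body: str, field: str = "root_ca_certificate_pem") -> str:
    """Extract the PEM from the JSON response (the field name is an assumption)."""
    pem = json.loads(body).get(field)
    if not isinstance(pem, str) or "BEGIN CERTIFICATE" not in pem:
        raise ValueError(f"no PEM certificate in field {field!r}")
    return pem

def same_root_ca(json_body: str, file_pem: str, pinned: str = "") -> bool:
    """True if both retrieval paths return one certificate (and match the pin, if given)."""
    from_json = fingerprint(pem_from_json(json_body))
    from_file = fingerprint(file_pem)
    ok = hmac.compare_digest(from_json, from_file)
    if pinned:
        ok = ok and hmac.compare_digest(from_file, pinned.lower().replace(":", ""))
    return ok

def make_pem(der: bytes, width: int, eol: str = "\n") -> str:
    """Build PEM text for the constructed samples below."""
    b64 = base64.b64encode(der).decode()
    body = eol.join(b64[i:i + width] for i in range(0, len(b64), width))
    return f"-----BEGIN CERTIFICATE-----{eol}{body}{eol}-----END CERTIFICATE-----{eol}"

# Constructed placeholder bytes standing in for DER certificates (not real certificates).
SAMPLE_DER = bytes(range(256)) * 3
OTHER_DER = SAMPLE_DER[::-1]
SAMPLE_JSON = json.dumps({"root_ca_certificate_pem": make_pem(SAMPLE_DER, 64)})
SAMPLE_FILE = make_pem(SAMPLE_DER, 76, eol="\r\n")  # same bytes, different wrapping
OTHER_FILE = make_pem(OTHER_DER, 64)

if __name__ == "__main__":
    print("match:", same_root_ca(SAMPLE_JSON, SAMPLE_FILE))
    print("mismatch detected:", not same_root_ca(SAMPLE_JSON, OTHER_FILE))
    print("fingerprint:", fingerprint(SAMPLE_FILE))
```

In practice, pass the saved output of the two curl calls above as json_body and file_pem, and record the fingerprint out of band before adding the CA to a trust store.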

List All RSA Certificates

To return metadata from all deployed RSA certificates visible to Ops Manager, including the root CA and certificates that Ops Manager stores in CredHub:

  1. Use curl to make a call to the Ops Manager API. Run:

    curl "https://OPS-MANAGER-FQDN/api/v0/deployed/certificates" \
          -X GET \
          -H "Authorization: Bearer UAA-ACCESS-TOKEN"
    

    Where:

    • OPS-MANAGER-FQDN is the fully-qualified domain name (FQDN) of your Ops Manager deployment.
    • UAA-ACCESS-TOKEN is your Ops Manager access token without any newline characters such as \n.