NSX Certificate Management Using Rest API

By | 22/06/2017

In this post We will learn how to view generate self-signed certificate for NSX and replace the certificates after getting them signed from CA. We will be doing this via Rest API.

I wrote a post in past on how to replace SSL certs for NSX from GUI. In this post I am trying to achieve the same via Rest API

Following are the API queries which you need to execute in order to generate and replace certs.

Generate CSR Certificate

# curl -k -u “admin:passwd” -d @csr.xml -X PUT https://nsxmgr.alex.local/api/1.0/appliance-management/certificatemanager/csr/nsx

Download CSR Certificate

# curl -k -u “admin:passwd” -X GET https://nsxmgr.alex.local/api/1.0/appliance-management/certificatemanager/csr/nsx

Note: If you have not generated the csr yet and try to download the csr certificate, you are going to get below error

Upload Certificate Chain

Once you recieve the signed certificate from your certification authority, you can apply the cert to NSX manager using below API call

# curl -k -u “admin:passwd” -X PUT https://NSX-Manager-IP-Address/api/1.0/appliance-management/certificatemanager/uploadchain/nsx

Query Certificates

Once you have replaced the ssl certificates on NSX, you can query the installed certificate using below API call

# curl -k -u “admin:passwd” -X GET https://nsxmgr.alex.local/api/1.0/appliance-management/certificatemanager/certificates/nsx | xmllint –format –

Sources and Additional Reading

NSX Rest API Guide

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable :)

Category: NSX

About Alex Hunt

Hi All I am Manish Jha. I am currently working in OVH US as Operations Support Engineer (vCloud Air Operations). I have around 7 Years of IT experience and have exposure on VMware vSphere, vCloud Director,vSphere Replication, vRealize Automation, NSX and RHEL. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.