You can use the vCloud API to upload and manage SSL certificates, keystores, and Kerberos keytabs for your organization's LDAP service. You can also use the vCloud API to configure SSPI, the Microsoft Security Support Provider Interface, for use with Active Directory.
The OrgLdapSettings element includes links that enable an organization administrator to maintain certificates and truststores for the organization's LDAP service.
<AdminOrg ... > ... <OrgLdapSettings ... > ... <Link rel="certificate:update" type="application/vnd.vmware.admin.certificateUpdateParams+xml" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapCertificate"/> <Link rel="certificate:reset" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapCertificate"/> <Link rel="keystore:update" type="application/vnd.vmware.admin.keystoreUpdateParams+xml" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapKeyStore"/> <Link rel="keystore:reset" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapKeyStore"/> <Link rel="keytab:update" type="application/vnd.vmware.admin.sspiKeytabUpdateParams+xml" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapSspiKeytab"/> <Link rel="keytab:reset" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapSspiKeytab"/> ... </OrgLdapSettings> </AdminOrg>
All of these links implement similar operations. They either upload a new certificate, keytab, or keystore, or reset or remove an existing one. vCloud Director imposes limits on upload sizes.
This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.
This example uploads an SSL certificate whose size is 892 bytes. The first step obtains an upload URL by POSTing a CertificateUpdateParams element to the organization's settings/ldap/action/updateLdapCertificate URL.
POST: https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapCertificate Content-type: application/vnd.vmware.admin.certificateUpdateParams+xml ... <?xml version="1.0" encoding="UTF-8"?> <CertificateUpdateParams fileSize="892" xmlns="http://www.vmware.com/vcloud/v1.5"> </CertificateUpdateParams>
The response contains an uploadLocation parameter whose value is a URL to which you can upload the certificate.
<CertificateUploadSocket xmlns="http://www.vmware.com/vcloud/v1.5" uploadLocation="https://vcloud.example.com/transfer/53bc1/ldapCertificate"> <Task ... status="running" operation="Updating LDAP certificate Organization (7)" ... </Task> </CertificateUploadSocket>
To upload the certificate, make a PUT request to the uploadLocation URL and supply the certificate in the request body.
PUT https://vcloud.example.com/transfer/53bc1/ldapCertificate Content-length: 892 ...serialized contents of certificate... EOF
200 OK