Certificate Management

NSX supports self‐signed certificates, certificates signed by a Certification Authority (CA), and certificates generated and signed by a CA.

■	`API-URL` is a URL of the form https://vcloud.example.com/network.
■	`id` is a vCloud Director unique identifier in the form of a UUID, as defined by RFC 4122.
■	`#` is a small integer used in an NSX object identifier.

To preserve tenant isolation, globally scoped NSX objects such as certificates, CSRs, and certificate revocation lists, are referenced with a tuple comprising the edge UUID and the NSX ID for the object. For example, where the NSX API references a certificate with identifier certificate-1 with a URL of the form

.../services/truststore/certificate/certificate-1

the vCloud Director API for NSX prepends the edge URL (id) and a colon to the NSX object identifier, as shown in this example:

.../services/truststore/certificate/id:certificate-1

Summary of NSX Certificate Management Requests
Operation	Request	Request Body	Response
Create a certificate for the edge with identifier `id`.	POST `API-URL`/services/truststore/certificate/`id`	trustObject	201 Created
Import a certificate or certificate chain against the certificate signing request with identifier csr-`#`.	POST `API-URL`/services/truststore/certificate/csr-`#`	trustObject	204 No Content
Retrieve all certificates for the edge with identifier `id`.	GET `API-URL`/services/truststore/certificate/scope/`id`	None	certificates
Retrieve the certificate with identifier certificate-`#` from the edge with identifier `id`.	GET `API-URL`/services/truststore/certificate/`id`:certificate-`#`	None	certificate
Delete the certificate with identifier certificate-`#` from the edge with identifier `id`.	DELETE `API-URL`/services/truststore/certificate/`id`:certificate-`#`	None	204 No Content
Create a certificate signing request for the edge with identifier `id`.	POST `API-URL`/services/truststore/csr/`id`	csr	201 Created
Retrieve all certificate signing requests for the edge with identifier `id`.	GET `API-URL`/services/truststore/csr/scope/`id`	None	csrs
Retrieve the certificate signing request with identifier csr-`#`from the edge with identifier `id`.	GET `API-URL`/services/truststore/certificate/`id`:csr-`#`	None	csr
Delete the certificate signing request with identifier csr-`#` from the edge with identifier `id`.	DELETE `API-URL`/services/truststore/certificate/`id`:csr-`#`	None	204 No Content
Create a certificate revocation list for the edge with identifier `id`.	POST `API-URL`/services/truststore/crl/`id`	trustObject	204 No Content
Retrieve all certificate revocation lists for the edge with identifier `id`.	GET `API-URL`/services/truststore/crl/scope/`id`	None	crls
Retrieve the certificate revocation list with identifier crl-`#`from the edge with identifier `id`.	GET `API-URL`/services/truststore/certificate/`id`:crl-`#`	None	crl
Delete the certificate revocation list with identifier crl-`#` from the edge with identifier `id`.	DELETE `API-URL`/services/truststore/certificate/`id`:crl-`#`	None	204 No Content