Managed Object - HostCertificateManager(vim.host.CertificateManager)

Property of: HostConfigManager
See also: HostCertificateManagerCertificateInfo, HostCertificateManagerCertificateSpec
Since: vSphere API Release 6.0

Managed Object Description

CertificateManager provides an interface for managing the SSL certificates used by the server.

Properties

Name	Type	Description
certificateInfo P	HostCertificateManagerCertificateInfo	the CertificateInfo of the Host Certificate.

Name

Type

Description

certificateInfo P

HostCertificateManagerCertificateInfo

the CertificateInfo of the Host Certificate.

P Required privilege: Certificate.Manage

Methods

Methods defined in this Managed Object
GenerateCertificateSigningRequest, GenerateCertificateSigningRequestByDn, InstallServerCertificate, ListCACertificateRevocationLists, ListCACertificates, NotifyAffectedServices, ProvisionServerPrivateKey, ReplaceCACertificatesAndCRLs, RetrieveCertificateInfoList

GenerateCertificateSigningRequest(generateCertificateSigningRequest)

Requests the server to generate a certificate-signing request (CSR) for itself. The CSR is then typically provided to a Certificate Authority to sign and issue the SSL certificate for the server. Use InstallServerCertificate to install this certificate.

Required Privileges: Certificate.Manage

Parameters

Name

Type

Description

_this

ManagedObjectReference

A reference to the HostCertificateManager used to make the method call.

useIpAddressAsCommonName

xsd:boolean

if true, use host's management IP address as CN in the CSR; otherwise use host's FQDN.

Since vSphere API Release 6.0

spec*

HostCertificateManagerCertificateSpec

is used to generate CSR for selected certificate kind.

Since vSphere API Release 6.0

*Need not be set

Return Value

Type	Description
xsd:string	CSR in PEM format

Faults

Type	Description
HostConfigFault	Thrown if there's a problem generating the CSR.
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="GenerateCertificateSigningRequest" type="vim25:GenerateCertificateSigningRequestRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="GenerateCertificateSigningRequestResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="xsd:string"/>
                     </sequence>
                  </complexType>
               </element>

GenerateCertificateSigningRequestByDn(generateCertificateSigningRequestByDn)

Requests the server to generate a certificate-signing request (CSR) for itself. Alternative version similar to GenerateCertificateSigningRequest but takes a Distinguished Name (DN) as a parameter.

Required Privileges: Certificate.Manage

Parameters

Name

Type

Description

_this

ManagedObjectReference

A reference to the HostCertificateManager used to make the method call.

distinguishedName

xsd:string

DN to be used as subject in CSR.

Since vSphere API Release 6.0

spec*

HostCertificateManagerCertificateSpec

is used to generate CSR for selected certificate kind

Since vSphere API Release 6.0

*Need not be set

Return Value

Type	Description
xsd:string	CSR in PEM format

Faults

Type	Description
HostConfigFault	Thrown if there's a problem generating the CSR.
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="GenerateCertificateSigningRequestByDn" type="vim25:GenerateCertificateSigningRequestByDnRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="GenerateCertificateSigningRequestByDnResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="xsd:string"/>
                     </sequence>
                  </complexType>
               </element>

InstallServerCertificate(installServerCertificate)

Installs a given SSL certificate on the server. The private key must have been previously generated by GenerateCertificateSigningRequest or provided by ProvisionServerPrivateKey.

Required Privileges: Certificate.Manage

Parameters

Name

Type

Description

_this

ManagedObjectReference

A reference to the HostCertificateManager used to make the method call.

cert

xsd:string

SSL certificate in PEM format

Since vSphere API Release 6.0

Return Value

Type	Description
None

Faults

Type	Description
HostConfigFault	Thrown if there's a problem with the input certificate, or the certificate and key don't match.
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="InstallServerCertificate" type="vim25:InstallServerCertificateRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="InstallServerCertificateResponse">
                  <complexType/>
               </element>

ListCACertificateRevocationLists(listCACertificateRevocationLists)

Fetches the SSL CRLs of Certificate Authorities that are trusted.

Required Privileges: Certificate.Manage

Parameters

Name	Type	Description
_this	ManagedObjectReference	A reference to the HostCertificateManager used to make the method call.

Return Value

Type	Description
xsd:string[]	SSL CRLs of trusted CAs in PEM format

Faults

Type	Description
HostConfigFault	Thrown if there's a problem with the certificate store.
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="ListCACertificateRevocationLists" type="vim25:ListCACertificateRevocationListsRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="ListCACertificateRevocationListsResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
                     </sequence>
                  </complexType>
               </element>

ListCACertificates(listCACertificates)

Fetches the SSL certificates of Certificate Authorities that are trusted.

Required Privileges: Certificate.Manage

Parameters

Name	Type	Description
_this	ManagedObjectReference	A reference to the HostCertificateManager used to make the method call.

Return Value

Type	Description
xsd:string[]	SSL certificates of trusted CAs in PEM format

Faults

Type	Description
HostConfigFault	Thrown if there's a problem with the certificate store.
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="ListCACertificates" type="vim25:ListCACertificatesRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="ListCACertificatesResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
                     </sequence>
                  </complexType>
               </element>

NotifyAffectedServices(notifyAffectedServices)

Instructs the host services affected by SSL credential changes by InstallServerCertificate or ReplaceCACertificatesAndCRLs to take into account said changes now. Please note, that old SSL connections typically survive the transition and continue using old SSL credentials. New SSL connections will use the new SSL credentials.

Required Privileges: Certificate.Manage
Since: vSphere API Release 8.0.3.0

Parameters

Name

Type

Description

_this

ManagedObjectReference

A reference to the HostCertificateManager used to make the method call.

services*

xsd:string[]

list of services that need to be notified and no other service would be notified. if not provided all supported services would be notified.

Since vSphere API Release 6.0

*Need not be set

Return Value

Type	Description
None

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="NotifyAffectedServices" type="vim25:NotifyAffectedServicesRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="NotifyAffectedServicesResponse">
                  <complexType/>
               </element>

ProvisionServerPrivateKey(provisionServerPrivateKey)

Provisions a given SSL private key on the server for use with a subsequent SSL certificate installation. The recommended way to update the server private key is via GenerateCertificateSigningRequest, which ensures that the key never leaves the host.

The current method is intended for use only in environments that have special requirements on how their private keys are generated.

Required Privileges: Certificate.Manage
Since: vSphere API Release 8.0.3.0

Parameters

Name

Type

Description

_this

ManagedObjectReference

A reference to the HostCertificateManager used to make the method call.

key

xsd:string

SSL private key in PEM format

Since vSphere API Release 8.0.3.0

Return Value

Type	Description
None

Faults

Type	Description
HostConfigFault	Thrown if there's a problem with the input key.
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="ProvisionServerPrivateKey" type="vim25:ProvisionServerPrivateKeyRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="ProvisionServerPrivateKeyResponse">
                  <complexType/>
               </element>

ReplaceCACertificatesAndCRLs(replaceCACertificatesAndCRLs)

Replaces the trusted Certificate Authority (CA) certificates and Certification Revocation List (CRL) used by the server with the provided values. These determine whether the server can verify the identity of an external entity.

Required Privileges: Certificate.Manage

Parameters

Name

Type

Description

_this

ManagedObjectReference

A reference to the HostCertificateManager used to make the method call.

caCert

xsd:string[]

List of SSL certificates, in PEM format, of all CAs that should be trusted

Since vSphere API Release 6.0

caCrl*

xsd:string[]

List of SSL CRLs, in PEM format, issued by trusted CAs from the above list

Since vSphere API Release 6.0

*Need not be set

Return Value

Type	Description
None

Faults

Type	Description
HostConfigFault	Thrown if there's a problem with the input certificates or CRLs.
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="ReplaceCACertificatesAndCRLs" type="vim25:ReplaceCACertificatesAndCRLsRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="ReplaceCACertificatesAndCRLsResponse">
                  <complexType/>
               </element>

RetrieveCertificateInfoList(retrieveCertificateInfoList)

the CertificateInfos of all known Certificates on the host

Required Privileges: Certificate.Manage
Since: vSphere API Release 8.0.1.0

Parameters

Name	Type	Description
_this	ManagedObjectReference	A reference to the HostCertificateManager used to make the method call.

Return Value

Type	Description
HostCertificateManagerCertificateInfo[]

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="RetrieveCertificateInfoList" type="vim25:RetrieveCertificateInfoListRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vim25="urn:vim25" name="RetrieveCertificateInfoListResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="vim25:HostCertificateManagerCertificateInfo" minOccurs="0" maxOccurs="unbounded"/>
                     </sequence>
                  </complexType>
               </element>