{
  "id": "certificates",
  "title": "Cluster certificates requests",
  "url": "https://redis.io/docs/latest/operate/rs/7.8/references/rest-api/requests/cluster/certificates/",
  "summary": "Cluster certificates requests",
  "content": "\n| Method | Path | Description |\n|--------|------|-------------|\n| [GET](#get-cluster-certificates) | `/v1/cluster/certificates` | Get cluster certificates |\n| [PUT](#put-cluster-update_cert) | `/v1/cluster/update_cert` | Update a cluster certificate |\n| [DELETE](#delete-cluster-certificate) | `/v1/cluster/certificates/{certificate_name}` | Delete cluster certificate |\n\n## Get cluster certificates {#get-cluster-certificates}\n\n\tGET /v1/cluster/certificates\n\nGet the cluster's certificates.\n\n#### Required permissions\n\n| Permission name |\n|-----------------|\n| [view_cluster_info]() |\n\n### Request {#get-request} \n\n#### Example HTTP request\n\n\tGET /v1/cluster/certificates \n\n\n#### Request headers\n\n| Key | Value | Description |\n|-----|-------|-------------|\n| Host | cnm.cluster.fqdn | Domain name |\n| Accept | application/json | Accepted media type |\n\n### Response {#get-response} \n\nReturns a JSON object that contains the cluster's certificates and keys.\n\n#### Example JSON body\n\n```json\n{\n    \"api_cert\": \"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----\",\n    \"api_key\": \"-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----\"\n    \"// additional certificates...\"\n}\n```\n\n### Status codes {#get-status-codes} \n\n| Code | Description |\n|------|-------------|\n| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | No error |\n\n\n## Update cluster certificate {#put-cluster-update_cert}\n\n```sh\nPUT /v1/cluster/update_cert\n```\n\nReplaces an existing certificate on all nodes within the cluster with a new certificate. The new certificate must pass validation before it can replace the old certificate.\n\nSee the [certificates table]() for the list of cluster certificates and their descriptions.\n\n### Request {#put-request}\n\n#### Example HTTP request\n\n```sh\nPUT /v1/cluster/update_cert\n```\n\n#### Example JSON body\n\n```json\n{\n    \"name\": \"certificate1\",\n    \"key\": \"-----BEGIN RSA PRIVATE KEY-----\\n[key_content]\\n-----END RSA PRIVATE KEY-----\",\n    \"certificate\": \"-----BEGIN CERTIFICATE-----\\n[cert_content]\\n-----END CERTIFICATE-----\",\n}\n```\n\nReplace `[key_content]` with the content of the private key and `[cert_content]` with the content of the certificate.\n\n### Response {#put-response}\n\nResponds with the `200 OK` status code if the certificate replacement succeeds across the entire cluster.\n\nOtherwise, retry the certificate update in case the failure was due to a temporary issue in the cluster.\n\n### Status codes {#put-status-codes}\n\n| Code | Description |\n|------|-------------|\n| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | No error |\n| [400 Bad Request](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1) | Failed, invalid certificate. |\n| [403 Forbidden](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4) | Failed, unknown certificate. |\n| [404 Not Found](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5) | Failed, invalid certificate. |\n| [406 Not Acceptable](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.7) | Failed, expired certificate. |\n| [409 Conflict](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.10) | Failed, not all nodes have been updated. |\n\n\n## Delete cluster certificate {#delete-cluster-certificate}\n\n\tDELETE /v1/cluster/certificates/{string: certificate_name}\n\nRemoves the specified cluster certificate from both CCS and disk\nacross all nodes. Only optional certificates can be deleted through\nthis endpoint. See the [certificates table]() for the list of cluster certificates and their descriptions.\n\n### Request {#delete-request} \n\n#### Example HTTP request\n\n\tDELETE /v1/cluster/certificates/\u003ccertificate_name\u003e\n\n\n#### Request headers\n\n| Key | Value | Description |\n|-----|-------|-------------|\n| Host | cnm.cluster.fqdn | Domain name |\n| Accept | application/json | Accepted media type |\n\n### Response {#delete-response} \n\nReturns a status code that indicates the certificate deletion success or failure.\n\n### Status codes {#delete-status-codes} \n\n| Code | Description |\n|------|-------------|\n| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | Operation successful |\n| [404 Not Found](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5) | Failed, requested deletion of an unknown certificate |\n| [403 Forbidden](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4) | Failed, requested deletion of a required certificate |\n| [500 Internal Server Error](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1) | Failed, error while deleting certificate from disk |\n",
  "tags": ["docs","operate","rs"],
  "last_updated": "2026-04-01T08:10:08-05:00",
  "children": [{"id":"rotate","summary":"Rotate cluster certificates requests","title":"Rotate cluster certificates requests","url":"https://redis.io/docs/latest/operate/rs/7.8/references/rest-api/requests/cluster/certificates/rotate/"}]
}