Cluster certificates requests
Cluster certificates requests
Redis Enterprise Software |
---|
Method | Path | Description |
---|---|---|
GET | /v1/cluster/certificates |
Get cluster certificates |
PUT | /v1/cluster/certificates |
Update cluster certificates |
PUT | /v1/cluster/update_cert |
Update a cluster certificate (deprecated as of Redis Enterprise Software version 7.22.2) |
DELETE | /v1/cluster/certificates/{certificate_name} |
Delete cluster certificate |
Get cluster certificates
GET /v1/cluster/certificates
Get the cluster's certificates.
Required permissions
Permission name |
---|
view_cluster_info |
Request
Example HTTP request
GET /v1/cluster/certificates
Request headers
Key | Value | Description |
---|---|---|
Host | cnm.cluster.fqdn | Domain name |
Accept | application/json | Accepted media type |
Response
Returns a JSON object that contains the cluster's certificates and keys.
Example JSON body
{
"api_cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"api_key": "-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----"
"// additional certificates..."
}
Status codes
Code | Description |
---|---|
200 OK | No error |
Update cluster certificates
PUT /v1/cluster/certificates
Replaces multiple cluster certificates with the provided certificates on all nodes within the cluster. This endpoint validates all provided certificates before actually updating the cluster.
See the certificates table for the list of cluster certificates and their descriptions.
Request
Example HTTP request
PUT /v1/cluster/certificates
Example JSON body
{
"certificates": [
{
"name": "proxy",
"certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
"key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
},
{
"name": "api",
"certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
"key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
}
]
}
Request headers
Key | Value | Description |
---|---|---|
Host | cnm.cluster.fqdn | Domain name |
Accept | application/json | Accepted media type |
Request body
Include an array of certificate objects in the request body.
Response
Returns a 200 OK
status code if all certificates are successfully replaced across the entire cluster.
If the response returns a failed status code, you should retry updating the certificates in case the cluster is no longer in an optimal state.
Status codes
Code | Description |
---|---|
200 OK | No error |
400 Bad Request | Failed, invalid certificate(s) |
403 Forbidden | Failed, unknown certificate(s) |
406 Not Acceptable | Failed, expired certificate(s) |
409 Conflict | Failed, not all nodes have been updated |
Update cluster certificate
PUT /v1/cluster/update_cert
PUT /v1/cluster/certificates
instead.Replaces an existing certificate on all nodes within the cluster with a new certificate. The new certificate must pass validation before it can replace the old certificate.
See the certificates table for the list of cluster certificates and their descriptions.
Request
Example HTTP request
PUT /v1/cluster/update_cert
Example JSON body
{
"name": "certificate1",
"key": "-----BEGIN RSA PRIVATE KEY-----\n[key_content]\n-----END RSA PRIVATE KEY-----",
"certificate": "-----BEGIN CERTIFICATE-----\n[cert_content]\n-----END CERTIFICATE-----",
}
Replace [key_content]
with the content of the private key and [cert_content]
with the content of the certificate.
Response
Responds with the 200 OK
status code if the certificate replacement succeeds across the entire cluster.
Otherwise, retry the certificate update in case the failure was due to a temporary issue in the cluster.
Status codes
Code | Description |
---|---|
200 OK | No error |
400 Bad Request | Failed, invalid certificate. |
403 Forbidden | Failed, unknown certificate. |
404 Not Found | Failed, invalid certificate. |
406 Not Acceptable | Failed, expired certificate. |
409 Conflict | Failed, not all nodes have been updated. |
Delete cluster certificate
DELETE /v1/cluster/certificates/{string: certificate_name}
Removes the specified cluster certificate from both CCS and disk across all nodes. Only optional certificates can be deleted through this endpoint. See the certificates table for the list of cluster certificates and their descriptions.
Request
Example HTTP request
DELETE /v1/cluster/certificates/<certificate_name>
Request headers
Key | Value | Description |
---|---|---|
Host | cnm.cluster.fqdn | Domain name |
Accept | application/json | Accepted media type |
Response
Returns a status code that indicates the certificate deletion success or failure.
Status codes
Code | Description |
---|---|
200 OK | Operation successful |
404 Not Found | Failed, requested deletion of an unknown certificate |
403 Forbidden | Failed, requested deletion of a required certificate |
500 Internal Server Error | Failed, error while deleting certificate from disk |