Cluster certificates requests
Cluster certificates requests
| Method | Path | Description |
|---|---|---|
| GET | /v1/cluster/certificates |
Get cluster certificates |
| PUT | /v1/cluster/update_cert |
Update a cluster certificate |
| DELETE | /v1/cluster/certificates/{certificate_name} |
Delete cluster certificate |
Get cluster certificates
GET /v1/cluster/certificates
Get the cluster's certificates.
Required permissions
| Permission name |
|---|
| view_cluster_info |
Request
Example HTTP request
GET /cluster/certificates
Request headers
| Key | Value | Description |
|---|---|---|
| Host | cnm.cluster.fqdn | Domain name |
| Accept | application/json | Accepted media type |
Response
Returns a JSON object that contains the cluster's certificates and keys.
Example JSON body
{
"api_cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"api_key": "-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----"
"// additional certificates..."
}
Status codes
| Code | Description |
|---|---|
| 200 OK | No error |
Update cluster certificate
PUT /v1/cluster/update_cert
Replaces an existing certificate on all nodes within the cluster with a new certificate. The new certificate must pass validation before it can replace the old certificate.
See the certificates table for the list of cluster certificates and their descriptions.
Request
Example HTTP request
PUT /cluster/update_cert
Example JSON body
{
"name": "certificate1",
"key": "-----BEGIN RSA PRIVATE KEY-----\n[key_content]\n-----END RSA PRIVATE KEY-----",
"certificate": "-----BEGIN CERTIFICATE-----\n[cert_content]\n-----END CERTIFICATE-----",
}
Replace [key_content] with the content of the private key and [cert_content] with the content of the certificate.
Response
Responds with the 200 OK status code if the certificate replacement succeeds across the entire cluster.
Otherwise, retry the certificate update in case the failure was due to a temporary issue in the cluster.
Status codes
| Code | Description |
|---|---|
| 200 OK | No error |
| 400 Bad Request | Failed, invalid certificate. |
| 403 Forbidden | Failed, unknown certificate. |
| 404 Not Found | Failed, invalid certificate. |
| 406 Not Acceptable | Failed, expired certificate. |
| 409 Conflict | Failed, not all nodes have been updated. |
Delete cluster certificate
DELETE /v1/cluster/certificates/{string: certificate_name}
Removes the specified cluster certificate from both CCS and disk across all nodes. Only optional certificates can be deleted through this endpoint. See the certificates table for the list of cluster certificates and their descriptions.
Request
Example HTTP request
DELETE /cluster/certificates/<certificate_name>
Request headers
| Key | Value | Description |
|---|---|---|
| Host | cnm.cluster.fqdn | Domain name |
| Accept | application/json | Accepted media type |
Response
Returns a status code that indicates the certificate deletion success or failure.
Status codes
| Code | Description |
|---|---|
| 200 OK | Operation successful |
| 404 Not Found | Failed, requested deletion of an unknown certificate |
| 403 Forbidden | Failed, requested deletion of a required certificate |
| 500 Internal Server Error | Failed, error while deleting certificate from disk |