Cluster certificates requests

Cluster certificates requests

Get cluster certificates

GET /v1/cluster/certificates

Get the cluster's certificates.

Required permissions

Request

Example HTTP request

GET /v1/cluster/certificates 

Request headers

Response

Returns a JSON object that contains the cluster's certificates and keys.

Example JSON body

{
    "api_cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
    "api_key": "-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----"
    "// additional certificates..."
}

Status codes

Update cluster certificates

PUT /v1/cluster/certificates

Replaces multiple cluster certificates with the provided certificates on all nodes within the cluster. This endpoint validates all provided certificates before actually updating the cluster.

See the certificates table for the list of cluster certificates and their descriptions.

Request

Example HTTP request

PUT /v1/cluster/certificates

Example JSON body

{
  "certificates": [
    {
      "name": "proxy",
      "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
      "key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
    },
    {
      "name": "api",
      "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
      "key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
    }
  ]
}

Request headers

Request body

Include an array of certificate objects in the request body.

Response

Returns a 200 OK status code if all certificates are successfully replaced across the entire cluster.

If the response returns a failed status code, you should retry updating the certificates in case the cluster is no longer in an optimal state.

Status codes

Update cluster certificate

PUT /v1/cluster/update_cert

Replaces an existing certificate on all nodes within the cluster with a new certificate. The new certificate must pass validation before it can replace the old certificate.

See the certificates table for the list of cluster certificates and their descriptions.

Request

Example HTTP request

PUT /v1/cluster/update_cert

Example JSON body

{
    "name": "certificate1",
    "key": "-----BEGIN RSA PRIVATE KEY-----\n[key_content]\n-----END RSA PRIVATE KEY-----",
    "certificate": "-----BEGIN CERTIFICATE-----\n[cert_content]\n-----END CERTIFICATE-----",
}

Replace [key_content] with the content of the private key and [cert_content] with the content of the certificate.

Response

Responds with the 200 OK status code if the certificate replacement succeeds across the entire cluster.

Otherwise, retry the certificate update in case the failure was due to a temporary issue in the cluster.

Status codes

Delete cluster certificate

DELETE /v1/cluster/certificates/{string: certificate_name}

Removes the specified cluster certificate from both CCS and disk across all nodes. Only optional certificates can be deleted through this endpoint. See the certificates table for the list of cluster certificates and their descriptions.

Request

Example HTTP request

DELETE /v1/cluster/certificates/<certificate_name>

Request headers

Response

Returns a status code that indicates the certificate deletion success or failure.

Status codes