Managed Object - DrConfigSslCertificateManager

Property of
DrConfigServiceInstanceContent
See also
DrConfigCertificateInfo, DrConfigCsrData
Since
DrConfig API 1.0


Managed Object Description

This managed object provides operations to configure certificates for the configuration service and SRM.

Properties

Name Type Description
caCertificates* P xsd:string[] Deprecated.

Get the current SRM specific list of certificate authority certificates used by SRM to validate other servers' certificates.
* May not be present
P Required privilege: System.Read

Methods

Methods defined in this Managed Object
AddCaCertificates, ClearCaCertificates, DrConfigGenerateCSR, DrConfigSetCertificate, DrConfigSetCertificateKey, GetCertificateInfo, InstallCertificate, InstallSelfSignedCertificate, ProbeSsl, RemoveCaCertificates, RetrieveCaCertificates

AddCaCertificates

Add certificate authority certificates to the list of validating certificates. The list is SRM specific and is not system level for the OS. In addition to system level certificate authority certificates, this list is used to validate server certificates when SRM acts as a client.
Required Privileges
DrConfig.Admin

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.
certs* P xsd:string[]

Array of CA certificates. Each item contains a single certificate in PEM format.

Since DrConfig API 1.0
* Need not be set
P Required privilege: certs

Return Value

Type Description
None

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None



ClearCaCertificates

Clear the whole SRM specific list of certificate authority certificates used by SRM to validate other servers' certificates.
Required Privileges
DrConfig.Admin

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.

Return Value

Type Description
None

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None



DrConfigGenerateCSR

Generate a new key and CSR and return the CSR for signing.
Required Privileges
DrConfig.Admin

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.
requestData* P DrConfigCsrData

CsrInfo with desired CSR parameters.

Since DrConfig API 1.0
* Need not be set
P Required privilege: requestData

Return Value

Type Description
xsd:string Certificate signing request in PEM format.

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None



DrConfigSetCertificate

Set new certificate. Reconfigure SRM if already configured. Restart the proxy service.
Required Privileges
DrConfig.Admin

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.
certificate P xsd:string

New server certificate to use in PEM format.

Since DrConfig API 1.0
caChain* P xsd:string[]

List of intermediate CA certificates used to sign server certificate in PEM format.

Since DrConfig API 1.0
* Need not be set
P Required privilege

Return Value

Type Description
None

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
vmodl.fault.InvalidArgument Thrown if the last generated CSR/PK does not match the certificate.
DrConfigFaultPrivateKeyNotFound Thrown if there is no generated CSR before this call. generateCSR should be called prior to setCertificate.
DrConfigFaultSrmAlreadyRunning

Events

Type
None



DrConfigSetCertificateKey

Set new key and certificate. Reconfigure SRM if already configured. Restart the proxy service.
Required Privileges
DrConfig.Admin

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.
key P xsd:string

New server private key to use in PEM format.

Since DrConfig API 1.0
certificate P xsd:string

New server certificate to use in PEM format.

Since DrConfig API 1.0
caChain* P xsd:string[]

List of intermediate CA certificates used to sign server certificate in PEM format. During connect, the server sends this chain and the server certificate in the 'Certificate' message. The chain may or may not include the root CA.

Since DrConfig API 1.0
* Need not be set
P Required privilege

Return Value

Type Description
None

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
vmodl.fault.InvalidArgument Thrown if the key does not match the certificate.
DrConfigFaultSrmAlreadyRunning

Events

Type
None



GetCertificateInfo

List the certificate info.
Required Privileges
System.Read
Since
DrConfig API 3.0

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.

Return Value

Type Description
DrConfigCertificateInfo A DrConfigCertificateInfo object containing information about the certificate.

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None



InstallCertificate

Install PKCS#12 certificate. Reconfigure SRM if already configured. Restart the proxy service.
Required Privileges
DrConfig.Admin
Since
DrConfig API 3.0

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.
pkcs P xsd:string

The certificate as a Base64-encoded string.

Since DrConfig API 3.0
pkcsPassword* P xsd:string

The password for the certificate.

Since DrConfig API 3.0
* Need not be set
P Required privilege

Return Value

Type Description
None

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
DrConfigFaultSrmAlreadyRunning

Events

Type
None



InstallSelfSignedCertificate

Install self-signed certificate. Reconfigure SRM if already configured. Restart the proxy service.
Required Privileges
DrConfig.Admin
Since
DrConfig API 3.0

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.
csrData P DrConfigCsrData

The DrConfigCsrData object to be used to sign the certificate.

Since DrConfig API 3.0
P Required privilege: csrData

Return Value

Type Description
None

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
DrConfigFaultSrmAlreadyRunning

Events

Type
None



ProbeSsl

Check whether SRM can establish a successful SSL connection to the specified endpoint.
Required Privileges
DrConfig.Admin

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.
uri P xsd:string

URI of the endpoint to probe.

Since DrConfig API 1.0
P Required privilege: uri

Return Value

Type Description
DrConfigCertificateInfo CertificateInfo structure that describes whether this SRM server can validate the certificate coming from the specified endpoint.

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
DrConfigFaultConnectionRefusedFault Thrown if the connection is refused by the target.
DrConfigFaultDnsLookupFault Thrown if the server cannot be looked up in DNS.
DrConfigFaultHostUnreachableFault Thrown if the host could not be reached.

Events

Type
None



RemoveCaCertificates

Remove certificate authority certificates from the list of validating certificates. If a certificate requested for removal is not found, the call is a no-op.
Required Privileges
DrConfig.Admin
Since
DrConfig API 3.1

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.
certs* P xsd:string[]

Array of CA certificates. Each item contains a single certificate in PEM format.

Since DrConfig API 3.1
* Need not be set
P Required privilege: certs

Return Value

Type Description
None

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
vmodl.fault.InvalidArgument Thrown if the certificate string cannot be decoded or if the provided certificate is not a CA certificate.

Events

Type
None
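
Added example (not part of the original reference and not VMware code): AddCaCertificates, RemoveCaCertificates and the caChain parameters each take an array in which every item is a single PEM certificate, while CA chains are usually delivered as one bundle file. The sketch below splits a bundle into such items and rejects blocks that do not decode to one complete DER object. The function names and the sample data are assumptions of this example; it checks framing only, not the CA flag or trust, and makes no API calls.

```python
import base64
import re

# Matches one PEM certificate block; surrounding text (comments, keys) is ignored.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_total_length(der):
    """Size in bytes of the outer DER SEQUENCE, read from its header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("block does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def to_pem(der):
    """Encode DER bytes as a single, normalized PEM certificate block."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

def split_pem_bundle(bundle):
    """Return a list with exactly one PEM certificate per item."""
    items = []
    for match in PEM_CERT.finditer(bundle):
        body = "".join(match.group(1).split())
        der = base64.b64decode(body, validate=True)  # raises on stray characters
        if der_total_length(der) != len(der):
            raise ValueError("truncated block or trailing bytes")
        items.append(to_pem(der))
    if not items:
        raise ValueError("no certificate blocks found")
    return items

# Constructed placeholders: tiny DER SEQUENCEs, not real certificates.
SAMPLE_DER = [bytes([0x30, 0x03, 0x02, 0x01, 0x01]),
              bytes([0x30, 0x03, 0x02, 0x01, 0x02])]
SAMPLE_BUNDLE = ("# intermediate\n" + to_pem(SAMPLE_DER[0])
                 + "# root\n" + to_pem(SAMPLE_DER[1]))

if __name__ == "__main__":
    for item in split_pem_bundle(SAMPLE_BUNDLE):
        print(item)
```

Catching a malformed item locally avoids sending input that the service would reject with vmodl.fault.InvalidArgument.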



RetrieveCaCertificates

Get the current SRM specific list of certificate authority certificates used by SRM to validate other servers' certificates.
Required Privileges
System.Read
Since
DrConfig API 3.1

Parameters

Name Type Description
_this ManagedObjectReference A reference to the DrConfigSslCertificateManager used to make the method call.

Return Value

Type Description
xsd:string[] Collection of PEM encoded CA certificates. The list does not include system level certificates.

Faults

Type Description
vmodl.RuntimeFault Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None