You can use the vCloud API to upload and manage SSL certificates, keystores, and Kerberos keytabs for your organization's LDAP service.
The OrgLdapSettings element includes links that you can use to manage the organization's LDAP truststore and keystore by uploading new certificates and keytabs.
<Link rel="certificate:update" type="application/vnd.vmware.admin.certificateUpdateParams+xml" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapCertificate" /> <Link rel="certificate:reset" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapCertificate" /> <Link rel="keystore:update" type="application/vnd.vmware.admin.keystoreUpdateParams+xml" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapKeyStore" /> <Link rel="keystore:reset" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapKeyStore" /> <Link rel="keytab:update" type="application/vnd.vmware.admin.sspiKeytabUpdateParams+xml" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapSspiKeytab" /> <Link rel="keytab:reset" href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapSspiKeytab" />
Similar links contained by the SystemSettings element allow the system administrator to manage the system LDAP truststore and keystore.
<vcloud:Link rel="certificate:update" type="application/vnd.vmware.admin.certificateUpdateParams+xml" href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/updateLdapCertificate" /> <vcloud:Link rel="certificate:reset" href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/resetLdapCertificate" /> <vcloud:Link rel="keystore:update" type="application/vnd.vmware.admin.keystoreUpdateParams+xml" href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/updateLdapKeyStore" /> <vcloud:Link rel="keystore:reset" href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/resetLdapKeyStore" /> <vcloud:Link rel="keytab:update" type="application/vnd.vmware.admin.sspiKeytabUpdateParams+xml" href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/updateLdapSspiKeytab" /> <vcloud:Link rel="keytab:reset" href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/resetLdapSspiKeytab" />
All of these links implement similar operations. They either upload a new certificate, keytab, or keystore, or reset or remove an existing one. vCloud Director imposes limits on upload sizes.
This example uploads an SSL certificate whose size is 2048 bytes. The first step obtains an upload URL by POSTing a CertificateUpdateParams element to the organization's settings/ldap/action/updateLdapCertificate URL.
POST: https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapCertificate Content-type: application/vnd.vmware.admin.certificateUpdateParams+xml ... <?xml version="1.0" encoding="UTF-8"?> <CertificateUpdateParams fileSize="2048" xmlns="http://www.vmware.com/vcloud/v1.5"> </CertificateUpdateParams>
The response contains an uploadLocation parameter whose value is a URL to which you can upload the certificate.
<CertificateUploadSocket xmlns="http://www.vmware.com/vcloud/v1.5" uploadLocation="https://vcloud.example.com/transfer/53bc1/ldapCertificate"> <Task ... status="running" operation="Updating LDAP certificate Organization (7)" ... </Task> </CertificateUploadSocket>
To upload the certificate, make a PUT request to the uploadLocation URL and supply the certificate in the request body.
PUT https://vcloud.example.com/transfer/53bc1/ldapCertificate Content-length: 2048 ...serialized contents of certificate... EOF
200 OK