You can use the vCloud API to upload and manage SSL certificates, keystores, and Kerberos keytabs for your organization's LDAP service.

The OrgLdapSettings element includes links that you can use to manage the organization's LDAP truststore and keystore by uploading new certificates and keytabs.

<Link
   rel="certificate:update"
   type="application/vnd.vmware.admin.certificateUpdateParams+xml"
   href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapCertificate" />
<Link
   rel="certificate:reset"
   href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapCertificate" />
<Link
   rel="keystore:update"
   type="application/vnd.vmware.admin.keystoreUpdateParams+xml"
   href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapKeyStore" />
<Link
   rel="keystore:reset"
   href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapKeyStore" />
<Link
   rel="keytab:update"
   type="application/vnd.vmware.admin.sspiKeytabUpdateParams+xml"
   href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapSspiKeytab" />
<Link
   rel="keytab:reset"
   href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapSspiKeytab" />

Similar links contained by the SystemSettings element allow the system administrator to manage the system LDAP truststore and keystore.

<vcloud:Link
   rel="certificate:update"
   type="application/vnd.vmware.admin.certificateUpdateParams+xml"
   href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/updateLdapCertificate" />
<vcloud:Link
   rel="certificate:reset"
   href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/resetLdapCertificate" />
<vcloud:Link
   rel="keystore:update"
   type="application/vnd.vmware.admin.keystoreUpdateParams+xml"
   href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/updateLdapKeyStore" />
<vcloud:Link
   rel="keystore:reset"
   href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/resetLdapKeyStore" />
<vcloud:Link
   rel="keytab:update"
   type="application/vnd.vmware.admin.sspiKeytabUpdateParams+xml"
   href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/updateLdapSspiKeytab" />
<vcloud:Link
   rel="keytab:reset"
   href="https://vcloud.example.com/api/admin/extension/settings/ldapSettings/action/resetLdapSspiKeytab" />

All of these links implement similar operations. The update links upload a new certificate, keystore, or keytab in two phases (a POST that returns an upload URL, followed by a PUT of the file contents); the reset links remove the existing one. vCloud Director imposes limits on upload sizes, listed in the following table.

Truststore, Certificate, and Keytab Upload Limits

Upload Type          Maximum Size in Megabytes
vCenter truststore   10
LDAP certificate     2
LDAP keystore        2
LDAP SSPI keytab     2
AMQP certificate     2
AMQP truststore      10

Verify that you are logged in to the vCloud API as a system administrator.

1. Create the request body that the request requires.

   The type attribute of the link names the media type of the body it expects. For details on these request bodies, see the schema reference.

2. POST the request body to the request URL.

   The response includes an uploadLocation parameter whose value is a URL to which you can upload the certificate, keytab, or keystore.

3. Use a PUT request to upload the certificate, keytab, or keystore to the uploadLocation URL.

This example uploads an SSL certificate whose size is 2048 bytes. The first step obtains an upload URL by POSTing a CertificateUpdateParams element to the organization's settings/ldap/action/updateLdapCertificate URL. The fileSize attribute gives the size of the certificate in bytes, the same size that the PUT request in the second step declares in its Content-length header.

Request:

POST https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapCertificate
Content-type: application/vnd.vmware.admin.certificateUpdateParams+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<CertificateUpdateParams
   fileSize="2048"
   xmlns="http://www.vmware.com/vcloud/v1.5">
</CertificateUpdateParams>

The response contains an uploadLocation parameter whose value is a URL to which you can upload the certificate.

Response:

<CertificateUploadSocket
   xmlns="http://www.vmware.com/vcloud/v1.5"
   uploadLocation="https://vcloud.example.com/transfer/53bc1/ldapCertificate">
   <Task
      ...
      status="running"
      operation="Updating LDAP certificate Organization (7)"
      ...
   </Task>
</CertificateUploadSocket>

To upload the certificate, make a PUT request to the uploadLocation URL and supply the certificate in the request body.

Request:

PUT https://vcloud.example.com/transfer/53bc1/ldapCertificate
Content-length: 2048
  ...serialized contents of certificate...

EOF

Response:

200 OK
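The following script carries the procedure above through end to end: it builds the CertificateUpdateParams body, checks the size against the 2 MB LDAP certificate limit from the table, POSTs it, reads uploadLocation from the CertificateUploadSocket response, and PUTs the certificate with a matching Content-Length. It is an added example, not VMware's own code. The transport callable, the fake server (which replays the exchange shown on this page and rejects a PUT whose length differs from the announced fileSize), the x-vcloud-authorization and Accept headers in the urllib transport, and the refusal to PUT to an uploadLocation on a different host are all assumptions made here, not behaviour the page documents.

```python
"""Two-phase LDAP certificate upload against the vCloud API.

Added example, not VMware code.  Assumed: the transport(method, url, headers,
body) -> (status, body) convention, the fake server, the session header names
and API version used by urllib_transport, and the same-origin check.
"""
import urllib.request
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

VCLOUD_NS = "http://www.vmware.com/vcloud/v1.5"
CERT_UPDATE_TYPE = "application/vnd.vmware.admin.certificateUpdateParams+xml"
LDAP_CERT_LIMIT = 2 * 1024 * 1024  # "LDAP certificate: 2 MB" in the limits table


class UploadError(Exception):
    pass


def build_update_params(file_size: int) -> bytes:
    """Body for action/updateLdapCertificate; rejects sizes the server would refuse."""
    if file_size <= 0:
        raise UploadError("fileSize must be positive")
    if file_size > LDAP_CERT_LIMIT:
        raise UploadError(f"certificate is {file_size} bytes, limit is {LDAP_CERT_LIMIT}")
    root = ET.Element("CertificateUpdateParams",
                      {"xmlns": VCLOUD_NS, "fileSize": str(file_size)})
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def parse_upload_socket(body: bytes) -> str:
    """Extract uploadLocation from a CertificateUploadSocket response."""
    root = ET.fromstring(body)
    if root.tag != f"{{{VCLOUD_NS}}}CertificateUploadSocket":
        raise UploadError(f"unexpected response element {root.tag}")
    location = root.get("uploadLocation")
    if not location:
        raise UploadError("response carries no uploadLocation")
    return location


def upload_ldap_certificate(transport, api_base: str, org_id: str, cert: bytes) -> str:
    """Run both phases; returns the uploadLocation the certificate was PUT to."""
    action = f"{api_base}/admin/org/{org_id}/settings/ldap/action/updateLdapCertificate"
    status, body = transport("POST", action, {"Content-Type": CERT_UPDATE_TYPE},
                             build_update_params(len(cert)))
    if status not in (200, 202):
        raise UploadError(f"POST {action} returned {status}")
    location = parse_upload_socket(body)
    # Added check (not from the page): only PUT to the host we authenticated
    # against, over TLS.  The same flow serves keystores and keytabs, which
    # carry secrets, so a redirected uploadLocation must not be followed blindly.
    api, loc = urlsplit(api_base), urlsplit(location)
    if loc.scheme != "https" or loc.netloc != api.netloc:
        raise UploadError(f"refusing to upload to foreign uploadLocation {location}")
    status, _ = transport("PUT", location, {"Content-Length": str(len(cert))}, cert)
    if status != 200:
        raise UploadError(f"PUT {location} returned {status}")
    return location


def urllib_transport(session_token: str):
    """Transport for a live session (assumed header names and API version)."""
    def send(method, url, headers, body):
        req = urllib.request.Request(url, data=body, method=method, headers=dict(headers))
        req.add_header("x-vcloud-authorization", session_token)
        req.add_header("Accept", "application/*+xml;version=1.5")
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read()
    return send


def fake_vcloud_transport(transfer_base: str):
    """Constructed stand-in for the server that replays the exchange on this page."""
    state = {"file_size": None, "calls": []}

    def send(method, url, headers, body):
        state["calls"].append(method)
        if method == "POST" and url.endswith("/action/updateLdapCertificate"):
            state["file_size"] = int(ET.fromstring(body).get("fileSize"))
            return 202, (
                f'<CertificateUploadSocket xmlns="{VCLOUD_NS}" '
                f'uploadLocation="{transfer_base}/transfer/53bc1/ldapCertificate">'
                '<Task status="running" operation="Updating LDAP certificate Organization (7)"/>'
                '</CertificateUploadSocket>').encode()
        if method == "PUT" and "/transfer/" in url:
            # The server expects exactly the byte count announced in fileSize.
            ok = len(body) == state["file_size"] == int(headers["Content-Length"])
            return (200 if ok else 400), b""
        return 404, b""

    send.state = state
    return send


if __name__ == "__main__":
    fake = fake_vcloud_transport("https://vcloud.example.com")
    cert = b"\x30\x82" + b"\x00" * 2046  # 2048 constructed bytes standing in for DER
    print(upload_ldap_certificate(fake, "https://vcloud.example.com/api", "26", cert))
```

To run it against a real deployment, replace the fake with urllib_transport(token), where token is the value returned by the session login, and pass the deployment's /api base URL; the keystore and keytab links follow the same two-phase shape and differ only in the body element and the action URL.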