Manage VMware vSphere certificate

Use this REST API to manage the VMware vSphere certificate.

Renew VMware vSphere certificate REST API

Use this REST API to renew VMware vSphere certificates.

Important: The renew VMware certificate process takes approximately 45 minutes to complete. As part of the renew VMware certificate process, the workflow restarts the VMware services. The VMware vCenter is not available until the process completes. Run this activity in a maintenance window.

Note: Any user with administrator privileges (HARDWARE_ADMIN_WRITER role) and ibmeng credentials can run the REST API.

The following tables provide information to renew all the VMware vSphere certificates.

Table 1. GET method
REST API information	Value	Description
URI	/admin/resources/renew_vmware_certificate
Method	GET
Returns	200	Starts a '`renew VMwareSTSCertificate`' job to renew the VMware vSphere certificate.
Returns	500	Internal error when starting a job.

Table 2. POST method (applies to IBM Cloud Pak System 2.3.3.6 interim fix and later)
REST API information	Value	Description
URI	/admin/resources/renew_vmware_certificate
Method	POST
Returns	200	Starts a '`renew VMwareSTSCertificate`' job to renew the VMware vSphere certificate.
Returns	500	Internal error when starting a job.

The status for the job can be monitored on the IBM® Cloud Pak System user interface under Problem determination > Job Queue.

For example,

Response body for success

{
   "id": "CWZIP2937I",
   "messages": {
      "message": "CWZIP2937I: Started the 'renew_VMwareSTSCertificate' job for renewing VMware certificates.",
      "lang": "en"
   },
   "type": "Information",
   "time": "Tue 17 Jan 2023 09:09:10.121 UTC",
   "suggestedAction": "Monitor the job log under 'Problem determination -> Job Queue'. If the issue persists, engage IBM Support with the PSM (most common) collection set.",
   "uri": "/resources/renew_vmware_certificate",
   "description": "VMware certificate renewal process is in progress. The vCenter services would not be available for a couple of minutes until the process is completed."
}

Response body for error

{
   "id": "CWZIP2936E",
   "messages": {
      "message": "CWZIP2936E: Internal error occurred when starting the job.",
      "lang": "en" 
   },
   "type": "Error",
   "time": "Mon 16 Jan 2023 11:56:18.811 UTC",
   "suggestedAction": "Retry the API execution. If the issue persists, engage IBM Support with the PSM (most common) collection set.",
   "uri": "/resources/renew_vmware_certificate",
   "description": "Internal error occurred when starting the 'renew_VMwareSTSCertificate' job for renewing VMware certificates."
}

Response body when maintenance window is not enabled

Applies to IBM Cloud Pak System 2.3.3.6 interim fix and later.

{
   "id": "CWZIP2939W",
   "messages": {
      "message": "CWZIP2939W: Unable to trigger 'renew_VMwareSTSCertificate' work-flow as the appliance is not in Maintenance mode.",
      "lang": "en"
   },
   "type": "Warning",
   "time": "Thu 03 Aug 2023 11:08:18.282 UTC",
   "suggestedAction": "Please schedule a maintenance window for renewing the VMware certificate and re-trigger the API",
   "uri": "/resources/renew_vmware_certificate",
   "description": "'renew_VMwareSTSCertificate' work-flow requires appliance to be in maintenance mode. Please schedule a maintenance window for renewing the VMware certificate."
}