Using the API to add a new certificate to a vRLI cluster


When you have to replace certificates on multiple vRLI clusters, using the API might be a better way to change them on all your cluster nodes.

Prerequisites

You will need to prepare a certificate with a subject alternative name (SAN) for each of the cluster members and the Internal Load Balancer (ILB).
You can use this article as a guide.

How to

Take note that I do not know if this is officially supported, but in my tests it works.

Use a REST API client and connect to the ILB IP and request a session token. Make sure to add the credentials to the body of your request. When you post the command, a session token will be generated. You need this token to be able to add new certificates to your cluster (and many other actions).

 POST https://vrli-fqdn/api/v1/sessions

Open a new tab in your REST API client of choice (mine is Postman). Prepare the command to post the new certificate to the other cluster members.

POST https://vrli-fqdn/api/v1/certificate

In authorization select Bearer Token as the type and add the Token obtained from the previous command.

Open the Body tab and paste the contents from the generated PEM certificate.

Pressing send will push the new certificate to all the cluster members.


Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.