![vrli](https://vmusketeers.com/wp-content/uploads/2020/02/vrli.png)
When you have to replace certificates on multiple vRLI clusters, using the API might be a better way to change them on all your cluster nodes.
Prerequisites
You will need to prepare a certificate with a subject alternative name (SAN) for each of the cluster members and the Internal Load Balancer (ILB).
You can use this article as a guide.
How to
Take note that I do not know if this is officially supported, but in my tests it works.
Use a REST API client and connect to the ILB IP and request a session token. Make sure to add the credentials to the body of your request. When you post the command, a session token will be generated. You need this token to be able to add new certificates to your cluster (and many other actions).
POST https://vrli-fqdn/api/v1/sessions
![](https://vmusketeers.com/wp-content/uploads/2020/03/image-2.png)
Open a new tab in your REST API client of choice (mine is Postman). Prepare the command to post the new certificate to the other cluster members.
POST https://vrli-fqdn/api/v1/certificate
In authorization select Bearer Token as the type and add the Token obtained from the previous command.
![](https://vmusketeers.com/wp-content/uploads/2020/03/image-3-1024x389.png)
Open the Body tab and paste the contents from the generated PEM certificate.
![](https://vmusketeers.com/wp-content/uploads/2020/03/image-4-1024x718.png)
Pressing send will push the new certificate to all the cluster members.
![](https://vmusketeers.com/wp-content/uploads/2020/03/image-6.png)
Leave a Reply