In Part 1 of this series we saw how to retrieve a sessionId from the Site Recovery Manager VAMI interface using Postman & Powershell. In this post we will use that sessionId to replace the appliance SSL certificate using the API. To start we again use the VAMI UI to inspect the endpoint URL being used for certificate replacement by doing a manual replacement. In this case the URL is:
https://sfo-m01-srm01.sfo.rainpole.io:5480/configure/requestHandlers/installPkcs12Certificate
Site Recovery Manager expects the certificate in P12 format so I used CertGen to create the cert format needed. When using the UI you browse to the cert file and it uploads in the browser along with the certificate passphrase. Behind the scenes it is then base64 encoded, so you need to do this before using the API.
# Base64 encoded the p12 file
$certFile = ".\sfo-m01-srm01.4.p12"
$base64string = [Convert]::ToBase64String([IO.File]::ReadAllBytes($certFile))
$body = '{
"certificateContent": "'+$base64string+'",
"certificatePassword": "'+$certPassword+'"
}'
#Create the required headers using the sessionId
$headers = @{"Content-Type" = "application/json"}$headers.Add("dr.config.service.sessionid", "$sessionId")
$uri = "https://sfo-m01-srm01.sfo.rainpole.io:5480/configure/requestHandlers/installPkcs12Certificate"
Invoke-RestMethod -Method POST -Uri $uri -Headers $headers -body $body
And there you have it..your appliance cert replaced via the API.
LifeOfBrianOC 