본문 바로가기
Management

Postman을 사용하여 Locker에서 발급한 인증서 확인

haewon83 2022. 8. 30. 13:55

[구성 환경]

vRealize Lifecycle Manager

IP Address : 192.168.1.41

ID : admin@local

PW : P@ssw0rd

 

1. vRealize Lifecycle Manager에 접속 가능한 machine에 postman을 다운로드하고 설치합니다.

https://www.postman.com/downloads/

 

2. 먼저, 인증 절차를 진행합니다.

HTTP method는 POST로 하고, URL은 https://192.168.1.41/lcm/authzn/api/login를 이용합니다.

Authrization Tab에서 인증 Type은 Basic Auth로 설정하고, ID와 PW를 입력하고 "Send"를 클릭합니다.

 

명령이 정상적으로 처리되면, Header Tab에서 Cookie 값을 확인할 수 있습니다. 이제 이 Cookie 값을 가지고 API를 호출할 수 있습니다.

 

3. 인증서를 확인하기 위한 API를 호출합니다.

HTTP method는 GET으로 하고, URL은 https://192.168.1.41/lcm/locker/api/v2/certificates를 이용합니다.

Headers에 Content-type과 Accept는 application/json로 설정하고, Set-Cookie는 위에서 획득한 "JSESSIONID=998A3D78534FA7F91C9967D51889064E" 값을 입력합니다.(SessionID 값을 인증 요청 시마다 달라집니다.)

 

4. "Send"를 클릭하면, 다음과 같은 인증서 정보를 받아볼 수 있습니다.

issuer가 CN=vRealize Suite Lifecycle Manager Locker CA 이고, 인증서는 CN=*.contoso.com 인 것을 확인할 수 있습니다.

{
    "page": 0,
    "total": 1,
    "certificates": [
        {
            "vmid": "a4d83138-90bc-492e-a94f-bde96f8711f6",
            "tenant": "default",
            "subject": "CN=*.contoso.com,OU=vmware,O=vmware,C=KR",
            "issuer": "CN=vRealize Suite Lifecycle Manager Locker CA,O=VMware,C=IN",
            "algorithm": "SHA256WITHRSA",
            "sha1": "67360f2744f7b6511c05cfd1509fa025ae91c3ec",
            "alias": "Certificate",
            "healthy": true,
            "referenced": false
        }
    ]
}

이 인증서는 vRealize Lifecycle Manager에서 Locker를 이용하여 발급한 인증서입니다. 아래 캡쳐 화면을 참고하시기 바랍니다.

 

5. 보다 자세한 인증서 정보를 조회할 수 있습니다.

HTTP method는 GET으로 하고, URL은 https://192.168.1.41/lcm/locker/api/v2/certificates/a4d83138-90bc-492e-a94f-bde96f8711f6를 이용합니다.

(a4d83138-90bc-492e-a94f-bde96f8711f6는 이전 단계에서 확인한 vmid 값)

"Send"를 클릭하면, 해당 인증서의 Detail 정보를 얻을 수 있습니다.

{
    "vmid": "a4d83138-90bc-492e-a94f-bde96f8711f6",
    "tenant": "default",
    "alias": "Certificate",
    "key": "PRIVATE KEY****",
    "certChain": "-----BEGIN CERTIFICATE-----\nMIIDyjCCArKgAwIBAgIGAYLVaReMMA0GCSqGSIb3DQEBCwUAMFMxMzAxBgNVBAMM\nKnZSZWFsaXplIFN1aXRlIExpZmVjeWNsZSBNYW5hZ2VyIExvY2tlciBDQTEPMA0G\nA1UECgwGVk13YXJlMQswCQYDVQQGEwJJTjAeFw0yMjA4MjUxNDMwMTBaFw0yNDA4\nMjQxNDMwMTBaMEcxFjAUBgNVBAMMDSouY29udG9zby5jb20xDzANBgNVBAsMBnZt\nd2FyZTEPMA0GA1UECgwGdm13YXJlMQswCQYDVQQGEwJLUjCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBAMCOGWJxxsvMtQE15SjhivJA7PXI22HWYLWcNT4K\nyYzepHhUGcGoVAndaggZbHyMVF0LQiiRkheykX1LPn5Rl1I1EYyqHdp1niA9bGgh\ncsRoOVxOQZXlUnLxnSMISniSwPfS48LQcBVvufKURSwwaIwNp0AIty7yMjH6PG7r\ngSsLoQMRlFgwF3yBvCDZBtjbEaPnQC4pHq2HRRF7kEr/RKiQ9UFnz3a8oeutV2vA\nikh2rqmzZA7nv2mH2M3HNGzzQxYHo3VwYYko37UQbGhk3IIN/uh1MyRjXbI3OOf6\nuB/di03ZhcpmNIQnTSvm8t/3joh06cK5+QH80P5wj9hmWysCAwEAAaOBrzCBrDAd\nBgNVHQ4EFgQUawjRxUaIgV5T0oQIwvR468UDztswHwYDVR0jBBgwFoAUyoWXn6uX\nTGoBt4+By7YtrUO8C4YwKgYDVR0RBCMwIYcEwKgBKYcEwKgBM4cEwKgBPYINKi5j\nb250b3NvLmNvbTAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH\nAwIGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAGyx\ntGDAc7++R5j5GkEdkfFzm/+0faFktVw9sf507JFLH2xPtypiJ8erNmc/UisqMwrz\nkCQ0J4i7SkYdGi+XPgulZQGJxSRbfGsROJ8AWfkFb8nLwtXNv98NHdNPhKnLpYAh\nzpI/vDgsk4NTE/V2zpzokgFkmiQPZUnOSHsMIFgVwFT23SqrYmJ16tNenFUi7EMM\nLgI4r145lA0hc22O2R73VSP2Ta4OLgtS+vru287ycptKnpYMY3pRT9Fab8tVoul1\nYgjvJZ+iH/Pg0H1M6g10CmsFtwjEzjNl6XNtAD+aJ4gBK/3/QJvtmyaHIJt0Xoti\nbY2pJYR0D46kiJcQ07A=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDiTCCAnGgAwIBAgIGAYLFsWT/MA0GCSqGSIb3DQEBCwUAMFMxMzAxBgNVBAMM\nKnZSZWFsaXplIFN1aXRlIExpZmVjeWNsZSBNYW5hZ2VyIExvY2tlciBDQTEPMA0G\nA1UECgwGVk13YXJlMQswCQYDVQQGEwJJTjAeFw0yMjA4MjIxMzE1MTNaFw0zMjA4\nMTkxMzE1MTNaMFMxMzAxBgNVBAMMKnZSZWFsaXplIFN1aXRlIExpZmVjeWNsZSBN\nYW5hZ2VyIExvY2tlciBDQTEPMA0GA1UECgwGVk13YXJlMQswCQYDVQQGEwJJTjCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSkeauKy2hnFMnq5pPP2fla\nCP683TAyJtotv6LmgqdrExusd5N4qLrUWULPfaHDlbATwqiTs3Z/IELi3feQmhkN\nwmsvU13tKzIy8kKIeyTDvFynzUkn+0cYoSVJE4WXCwu2I2NrBewl8TYUiqXYagXE\nFNwaw/EdPoaNJwWnxzQ9lRxZ1k4PODCG5E7pe/tmvmweaGsCByOSf041uv/AYVRx\nKY2hxhKYSYsI6T6cRhFOy9rTA+sBq2TEAqKLz/yOgSumd8r/ydiPuIEzdPGlfdU4\nl2E1NwZ2ZZdWPr4PJtcjU5cJX6G3UxwfMwY0m0tB7WsA49VoaIF6mUx11SmMdJcC\nAwEAAaNjMGEwHQYDVR0OBBYEFMqFl5+rl0xqAbePgcu2La1DvAuGMB8GA1UdIwQY\nMBaAFMqFl5+rl0xqAbePgcu2La1DvAuGMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P\nAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAL2gv4DFlcz5za+CTrBVmgXuJW\nWAywMB+KXRVFMFZfyqecXM+57Cl0Nf4x1/8ep/dwU+nyNnlT/gc1CDey1iCu5h4l\nFI0kI8E1Vm/R33mCZshcpP9SCz1M3caKWaS3AGpYe+c35tA2i3RfkRO0/wPaud5I\nn+HMqUxqqcqGepPT+E/1Q2CQaZ2wBlct+rcmoF+HrNNLWX3Oa4jWlaNZmSP7pF7v\nmdAATEz1V1ApwRzKYKVZtSThAnIgCXOvKd3INenE3ez3i9PAFZBeujkI9H3eeDRL\nrQGYwltX2MwljWf0jhwKbfUBBYD/wbRwITJL7/u8/QmXlaTgWKCAwcv8SYTS\n-----END CERTIFICATE-----\n",
    "leafCert": "-----BEGIN CERTIFICATE-----\nMIIDyjCCArKgAwIBAgIGAYLVaReMMA0GCSqGSIb3DQEBCwUAMFMxMzAxBgNVBAMM\nKnZSZWFsaXplIFN1aXRlIExpZmVjeWNsZSBNYW5hZ2VyIExvY2tlciBDQTEPMA0G\nA1UECgwGVk13YXJlMQswCQYDVQQGEwJJTjAeFw0yMjA4MjUxNDMwMTBaFw0yNDA4\nMjQxNDMwMTBaMEcxFjAUBgNVBAMMDSouY29udG9zby5jb20xDzANBgNVBAsMBnZt\nd2FyZTEPMA0GA1UECgwGdm13YXJlMQswCQYDVQQGEwJLUjCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBAMCOGWJxxsvMtQE15SjhivJA7PXI22HWYLWcNT4K\nyYzepHhUGcGoVAndaggZbHyMVF0LQiiRkheykX1LPn5Rl1I1EYyqHdp1niA9bGgh\ncsRoOVxOQZXlUnLxnSMISniSwPfS48LQcBVvufKURSwwaIwNp0AIty7yMjH6PG7r\ngSsLoQMRlFgwF3yBvCDZBtjbEaPnQC4pHq2HRRF7kEr/RKiQ9UFnz3a8oeutV2vA\nikh2rqmzZA7nv2mH2M3HNGzzQxYHo3VwYYko37UQbGhk3IIN/uh1MyRjXbI3OOf6\nuB/di03ZhcpmNIQnTSvm8t/3joh06cK5+QH80P5wj9hmWysCAwEAAaOBrzCBrDAd\nBgNVHQ4EFgQUawjRxUaIgV5T0oQIwvR468UDztswHwYDVR0jBBgwFoAUyoWXn6uX\nTGoBt4+By7YtrUO8C4YwKgYDVR0RBCMwIYcEwKgBKYcEwKgBM4cEwKgBPYINKi5j\nb250b3NvLmNvbTAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH\nAwIGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAGyx\ntGDAc7++R5j5GkEdkfFzm/+0faFktVw9sf507JFLH2xPtypiJ8erNmc/UisqMwrz\nkCQ0J4i7SkYdGi+XPgulZQGJxSRbfGsROJ8AWfkFb8nLwtXNv98NHdNPhKnLpYAh\nzpI/vDgsk4NTE/V2zpzokgFkmiQPZUnOSHsMIFgVwFT23SqrYmJ16tNenFUi7EMM\nLgI4r145lA0hc22O2R73VSP2Ta4OLgtS+vru287ycptKnpYMY3pRT9Fab8tVoul1\nYgjvJZ+iH/Pg0H1M6g10CmsFtwjEzjNl6XNtAD+aJ4gBK/3/QJvtmyaHIJt0Xoti\nbY2pJYR0D46kiJcQ07A=\n-----END CERTIFICATE-----\n",
    "validations": [],
    "validity": {
        "period": "1 year, 11 months and 29 days",
        "expiresOn": "2024-08-24T14:30:10.000+0000",
        "issuedOn": "2022-08-25T14:30:10.000+0000",
        "healthy": true
    },
    "certInfo": {
        "subject": "CN=*.contoso.com,OU=vmware,O=vmware,C=KR",
        "issuer": "CN=vRealize Suite Lifecycle Manager Locker CA,O=VMware,C=IN",
        "san": "IP: 192.168.1.41, IP: 192.168.1.51, IP: 192.168.1.61, DNS: *.contoso.com",
        "algorithm": "SHA256WITHRSA",
        "keyAlgorithm": "RSA",
        "keyLength": 2048,
        "sha256": "67360f2744f7b6511c05cfd1509fa025ae91c3ec",
        "sha1": "67360f2744f7b6511c05cfd1509fa025ae91c3ec"
    }
}

 

[참고 자료]

List All Certificates V2

https://developer.vmware.com/apis/vrealize-suite-lifecycle-manager/latest/lcm/locker/api/v2/certificates/get/

 

Get Certificate Details By VMid V2
https://developer.vmware.com/apis/vrealize-suite-lifecycle-manager/latest/lcm/locker/api/v2/certificates/vmid/get/

 

 

'Management' 카테고리의 다른 글

[LogInsight] How to configure AVI compatible with Syslog RFC  (0) 2022.10.27
[Automation] How to unregister the specific resource from the deployment  (0) 2022.10.07
[Automation] How to login vRealize Automation API Server  (0) 2022.09.30
[LCM] Root/Intermediate certificate already expired  (0) 2022.09.07
[LCM] Locker CA Certificate 확인  (0) 2022.08.30

'Management' Related Articles

티스토리툴바