Retrieve All Node Certificates

  • reference
    +
    The REST API can be used to retrieve the node certificate for each node in the cluster.

    Http Method and URI

    GET /pools/default/certificates

    Description

    Retrieves all node certificates in the cluster. Either the Full Admin or the Security Admin role is required.

    This API can be used on clusters that are running one or more nodes whose Couchbase-Server version is less than 7.1: however, such nodes are ignored, and their node certificates are not returned.

    Curl Syntax

    The curl syntax for this call is as follows:

    curl -X GET http://<ip-address-or-domain-name>:8091/pools/default/certificates
      -u <username>:<password>

    Responses

    Success returns 200 OK and an array, each of whose objects is a node certificate on the cluster.

    A malformed URI fails with 404 Object Not Found; failure to authenticate gives 401 Unauthorized; and insufficient privileges gives 403 Forbidden, with an error message such as {"message":"Forbidden. User needs the following permissions","permissions":["cluster.admin.security!read"]}. An incorrectly specified IP address or domain name causes the attempted connection to time out, with a Failed to connect notification.

    Example

    The following example returns each node certificate on the cluster of which node 10.144.220.101 is a member. Note that the jq command is used, to facilitate readability of the output.

    curl -X GET http://10.144.220.101:8091/pools/default/certificates -u Administrator:password | jq '.'

    If successful, the call provides a response such as the following:

    [
      {
        "node": "10.144.220.101:8091",
        "warnings": [],
        "subject": "CN=Couchbase Server",
        "expires": "2022-11-30T09:44:49.000Z",
        "type": "uploaded",
        "pem": "-----BEGIN CERTIFICATE-----\nMIIDgzCCAmugAwIBAgIUISlz/rod5BamUGP815ydZ8VJibEwDQYJKoZIhvcNAQEL\nBQAwHjEcMBoGA1UEAwwTQ291Y2hiYXNlIFJvb3QgQ0EgMTAeFw0yMTExMzAwOTQ0\nNDlaFw0yMjExMzAwOTQ0NDlaMBsxGTAXBgNVBAMMEENvdWNoYmFzZSBTZXJ2ZXIw\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgQVcD/DRqYs58Z2oQe+UY\nMZSe//5Ik4cevif20OUpgQw4JErC9njThGSnNlFMfby+W8PS5j7gL5n4f2BJ2uGj\nQijxiG02nWT93cWtUJeC31xKst8/CD5QRoivwNEC1lsAAShXO1h1slHk3KJfrhmh\nK2HOKh7KSxdGJp3QdafgT7ZVF6wnOmbEOpv9t5kAYomYlJN67NdgDhWY+BOzSuLr\nR0fHqGeb0PF8Q5wbu7d/3is/nCSJkEmY4NP1mn1ZaqJKvhQ7cJjjVroTJwxArpvd\nuA8r98KY+Q0UbXh/CZYyWIlN2CETucSWddcs/uaSP34UaU8qQvmlPFBcUvRymXdL\nAgMBAAGjgbswgbgwCQYDVR0TBAIwADAdBgNVHQ4EFgQUvZ6zRSW2iD1XQ6+mmdeI\nNqgHtXkwWQYDVR0jBFIwUIAUPky9VMpib76nx7QRW0KZiHMJSzKhIqQgMB4xHDAa\nBgNVBAMME0NvdWNoYmFzZSBSb290IENBIDGCFHryt6nXaaqYhNmt5CSiEKmRIimB\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAPBgNVHREECDAGhwQK\nkNxlMA0GCSqGSIb3DQEBCwUAA4IBAQCF5R7U/gq6IfdOwktNTECxTXQP02f5R3Hb\n77zlCTMLLft+pBBfLjBTDf07qfTGfbB6AyLEKFhWJReZB5CVpTlvhUBYcapjgsqN\nrbfsFq3gO1PELOmZP8fmAAXLu4DuSC+gULE5k8DcZOU1sInbAPV+yqBuynThsvqj\nyXgRVrSz+HekGxGyUBW2e3Qzq5nfYmqjQyxtkmY7JSG2F9ym6L00iMRisq1dwpq6\n+eR1DEU+8MjHFqrOkoBfmreWjFE2oN48WJfv7jWzU/D2hRJ/wJEnTBAGpSwQRBOD\naKe+EQvMRtQ+fJEGkVFj794IB6IwGDNYfySRoBgHSX1E7tpCKJ+K\n-----END CERTIFICATE-----\n\n",
        "privateKeyPassphrase": {}
      },
      {
        "node": "10.144.220.102:8091",
        "warnings": [],
        "subject": "CN=Couchbase Server",
        "expires": "2022-11-30T09:50:07.000Z",
        "type": "uploaded",
        "pem": "-----BEGIN CERTIFICATE-----\nMIIDgzCCAmugAwIBAgIUEMpUNCuJ0pyZzC0NVLezxNEHS8IwDQYJKoZIhvcNAQEL\nBQAwHjEcMBoGA1UEAwwTQ291Y2hiYXNlIFJvb3QgQ0EgMjAeFw0yMTExMzAwOTUw\nMDdaFw0yMjExMzAwOTUwMDdaMBsxGTAXBgNVBAMMEENvdWNoYmFzZSBTZXJ2ZXIw\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDawYhSc0xmLMm6lD8d3srW\nMuJEekgmToSsvb7PenvXtZciLrqKIbdFMlCUBUSdriCjBaGPFRSgZVde5w+ULHvE\navowSllakEh3WEx1HBzehtvjcl3HpGHSswOJp8SoK+qDAfR6rcPkDnjKSbVUUdHg\nehamEM1sU/FwQB7MKabNntZkLPOY6Bsav3L9ssGItlpoFkyjNN2gcs3ptC/JbWZC\n9+ckgNNz5ujqdhzhaY2bpk5rdZ4A0YfStRSgHQ2QOtzOf6PUwqtsNd/9VXQEx2gg\nHnZkunYaHjjlUMsMGhvmClMPSSff47VREWklCmASmyluS2yVNOBgupKrhUy+0f/L\nAgMBAAGjgbswgbgwCQYDVR0TBAIwADAdBgNVHQ4EFgQUVdtaa74QjG3xTo8WhXdS\naQeq4CUwWQYDVR0jBFIwUIAUh+tOj8zQs1zjQ+VgE1nsU7JoAEWhIqQgMB4xHDAa\nBgNVBAMME0NvdWNoYmFzZSBSb290IENBIDKCFAomhSzYbWZZr2/zWhD5vUSvm3KO\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAPBgNVHREECDAGhwQK\nkNxmMA0GCSqGSIb3DQEBCwUAA4IBAQBbv8UTm75is/HG+u9oDHYF2jrvN8mHiWua\nWR8VYkTNHNToZF6ps7W1cOzsTeu9+Bcj5LLfQ3SndvSHLruzYqCtnVcODOEt6xwG\nw6PZfEJNLjzlFszx/lOy4X73OqYBMbxSzovkOw8jAmZLxzrhsUGZjIElDISGd9eg\nMwegJ209zRu6SyHMaIAU/yEvxGZqK7tyYJHjjsTwYWW7CUB9gtKKPd+SVP7iGOu/\ngynUonVxFLP2g9BqmFvd1eEu60cilbj1PN0BjLtpN6h4xn3ueNYTl49X+5s5N1t9\n2d4SKxaWfCtBBEJbsTWWMsoDrM7N8yPTPkc5t7Ql4gsPZQirfico\n-----END CERTIFICATE-----\n\n",
        "privateKeyPassphrase": {}
      }
    ]

    The returned array contains two JSON objects, indicating that two node certificates are defined for the cluster. Each object contains fields for warnings, the Subject Common Name, the expiry date, the type (whether generated by Couchbase Server, or uploaded by the administrator), the pem-encoded contents of the node certificate, and the passphrase for the private key (securely displayed as asterisks).

    See Also

    Information on uploading and retrieving the cluster’s root certificate with the REST API is provided in Upload and Retrieve the Root Certificate. A general introduction to certificates is provided in Certificates. Routines for generating and deploying server and client certificates are provided in Configure Server Certificates and Configure Client Certificates, respectively.