HPE Developer Community Portal

Authenticating

The certificate management cmdlets use OAuth to authenticate.

Use the Get-HPESvtAuthToken cmdlet to obtain an OAuth access_token. The access_token is stored in an encrypted file and is automatically used by any of the Powershell cmdlets during the same session. The access_token has a ten minute idle lifetime.

To add or delete a certificate, you must authenticate as a user in the hypervisor management system (HMS) administrator role or as the svtcli user. To get certificates, you need to authenticate with the HMS, but the HMS administrator role is not required.

You need to obtain a token from each Virtual Controller where you want to manage certificate trust stores by using the Powershell cmdlets.

Authenticating as the HMS administrator

At the command line, you can pass the username then provide the password when prompted by Get-HPESvtAuthToken. For example:

PS C:\> Get-HPESvtAuthToken 192.0.2.2  admin-username

If you are scripting the authentication, you can combine the credentials into an object, then pass the object. The following example uses the $creds object to pass the credentials.

# securely store the password
PS C:\HPESvtCmdlets> $secpasswd = ConvertTo-SecureString "password" -AsPlainText -Force

PS C:\HPESvtCmdlets> $creds = New-Object System.Management.Automation.PSCredential("admin-username", $secpasswd)
PS C:\HPESvtCmdlets> Get-HPESvtAuthToken 192.0.2.2 $creds

It returns an access_token. For example:

access_token : bd96becc-71e7-4eca-8859-cbbdfb6d1cdd
token_type   : bearer
expires_in   : 86399
scope        : read write
updated_at   : 1544475704159

Authenticating as the svtcli user

You might need to authenticate as the svtcli user when the hypervisor management system is not reachable by the Virtual Controller.

You can use the same technique of combining the credentials into the $creds object and then passing $creds on the command line, but when you authenticate as the svtcli user, you must pass the -emergency parameter. For example:

$emergencypwd = ConvertTo-SecureString "password" -AsPlainText -Force
$emergencycreds = New-Object System.Management.Automation.PSCredential("svtcli",$emergencypwd)
$oauthcred = Get-HPESvtAuthToken -HostName $ovcip -credential $emergencycreds -emergency

It returns an access_token. For example:

access_token : bd96becc-71e7-4eca-8859-cbbdfb6d1cdd
token_type   : bearer
expires_in   : 86399
scope        : read write
updated_at   : 1544475704159

Blog feed