DOC-5210 Updated certificate REST API requests reference for customer-provided INE certs

rrelledge · rrelledge · commit 4270cf3093ef · 2025-09-11T19:53:06.000-05:00
diff --git a/content/operate/rs/references/rest-api/objects/certificates.md b/content/operate/rs/references/rest-api/objects/certificates.md
@@ -0,0 +1,19 @@
+---
+Title: Certificates object
+alwaysopen: false
+categories:
+- docs
+- operate
+- rs
+description: An object that represents a certificate
+linkTitle: certificates
+weight: $weight
+---
+
+An API object that represents a certificate used by a Redis Enterprise Software cluster.
+
+| Name | Type/Value | Description |
+|------|------------|-------------|
+| name | `cm`<br />`api`<br />`mtls_trusted_ca`<br />`proxy`<br />`metrics_exporter`<br />`syncer`<br />`ldap_client`<br />`ccs_internode_encryption`<br />`data_internode_encryption` | Certificate type.<br />See the [certificates table]({{< relref "/operate/rs/security/certificates" >}}) for the list of cluster certificates and their descriptions. |
+| certificate | string | The certificate in PEM format |
+| key | string | The private key in PEM format |
diff --git a/content/operate/rs/references/rest-api/requests/cluster/certificates/_index.md b/content/operate/rs/references/rest-api/requests/cluster/certificates/_index.md
@@ -15,7 +15,8 @@ weight: $weight
 | Method | Path | Description |
 |--------|------|-------------|
 | [GET](#get-cluster-certificates) | `/v1/cluster/certificates` | Get cluster certificates |
-| [PUT](#put-cluster-update_cert) | `/v1/cluster/update_cert` | Update a cluster certificate |
+| [PUT](#put-cluster-certificates) | `/v1/cluster/certificates` | Update cluster certificates |
+| [PUT](#put-cluster-update_cert) | `/v1/cluster/update_cert` | Update a cluster certificate (deprecated as of Redis Enterprise Software version 7.22.2) |
 | [DELETE](#delete-cluster-certificate) | `/v1/cluster/certificates/{certificate_name}` | Delete cluster certificate |
 
 ## Get cluster certificates {#get-cluster-certificates}
@@ -62,15 +63,83 @@ Returns a JSON object that contains the cluster's certificates and keys.
 
 | Code | Description |
 |------|-------------|
-| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | No error |
+| [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | No error |
 
 
+## Update cluster certificates {#put-cluster-certificates}
+
+```sh
+PUT /v1/cluster/certificates
+```
+
+Replaces multiple cluster certificates with the provided certificates on all nodes within the cluster. This endpoint validates all provided certificates before actually updating the cluster.
+
+See the [certificates table]({{< relref "/operate/rs/security/certificates" >}}) for the list of cluster certificates and their descriptions.
+
+### Request {#put-certificates-request}
+
+#### Example HTTP request
+
+```sh
+PUT /v1/cluster/certificates
+```
+
+#### Example JSON body
+
+```json
+{
+  "certificates": [
+    {
+      "name": "proxy",
+      "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+      "key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
+    },
+    {
+      "name": "api",
+      "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+      "key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
+    }
+  ]
+}
+```
+
+#### Request headers
+
+| Key | Value | Description |
+|-----|-------|-------------|
+| Host | cnm.cluster.fqdn | Domain name |
+| Accept | application/json | Accepted media type |
+
+#### Request body
+
+Include an array of [certificate objects]({{<relref "/operate/rs/references/rest-api/objects/certificates">}}) in the request body.
+
+### Response {#put-certificates-response}
+
+Returns a `200 OK` status code if all certificates are successfully replaced across the entire cluster.
+
+If the response returns a failed status code, you should retry updating the certificates in case the cluster is no longer in an optimal state.
+
+### Status codes {#put-certificates-status-codes}
+
+| Code | Description |
+|------|-------------|
+| [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | No error |
+| [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Failed, invalid certificate(s) |
+| [403 Forbidden](https://www.rfc-editor.org/rfc/rfc9110.html#name-403-forbidden) | Failed, unknown certificate(s) |
+| [406 Not Acceptable](https://www.rfc-editor.org/rfc/rfc9110.html#name-406-not-acceptable) | Failed, expired certificate(s) |
+| [409 Conflict](https://www.rfc-editor.org/rfc/rfc9110.html#name-409-conflict) | Failed, not all nodes have been updated |
+
 ## Update cluster certificate {#put-cluster-update_cert}
 
 ```sh
 PUT /v1/cluster/update_cert
 ```
 
+{{<note>}}
+This REST API path is deprecated as of Redis Enterprise Software 7.22.2 and will be removed in a future version. Use [`PUT /v1/cluster/certificates`](#put-cluster-certificates) instead.
+{{</note>}}
+
 Replaces an existing certificate on all nodes within the cluster with a new certificate. The new certificate must pass validation before it can replace the old certificate.
 
 See the [certificates table]({{< relref "/operate/rs/security/certificates" >}}) for the list of cluster certificates and their descriptions.
@@ -105,12 +174,12 @@ Otherwise, retry the certificate update in case the failure was due to a tempora
 
 | Code | Description |
 |------|-------------|
-| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | No error |
-| [400 Bad Request](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1) | Failed, invalid certificate. |
-| [403 Forbidden](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4) | Failed, unknown certificate. |
-| [404 Not Found](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5) | Failed, invalid certificate. |
-| [406 Not Acceptable](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.7) | Failed, expired certificate. |
-| [409 Conflict](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.10) | Failed, not all nodes have been updated. |
+| [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | No error |
+| [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Failed, invalid certificate. |
+| [403 Forbidden](https://www.rfc-editor.org/rfc/rfc9110.html#name-403-forbidden) | Failed, unknown certificate. |
+| [404 Not Found](https://www.rfc-editor.org/rfc/rfc9110.html#name-404-not-found) | Failed, invalid certificate. |
+| [406 Not Acceptable](https://www.rfc-editor.org/rfc/rfc9110.html#name-406-not-acceptable) | Failed, expired certificate. |
+| [409 Conflict](https://www.rfc-editor.org/rfc/rfc9110.html#name-409-conflict) | Failed, not all nodes have been updated. |
 
 
 ## Delete cluster certificate {#delete-cluster-certificate}
@@ -143,7 +212,7 @@ Returns a status code that indicates the certificate deletion success or failure
 
 | Code | Description |
 |------|-------------|
-| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | Operation successful |
-| [404 Not Found](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5) | Failed, requested deletion of an unknown certificate |
-| [403 Forbidden](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4) | Failed, requested deletion of a required certificate |
-| [500 Internal Server Error](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1) | Failed, error while deleting certificate from disk |
+| [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Operation successful |
+| [404 Not Found](https://www.rfc-editor.org/rfc/rfc9110.html#name-404-not-found) | Failed, requested deletion of an unknown certificate |
+| [403 Forbidden](https://www.rfc-editor.org/rfc/rfc9110.html#name-403-forbidden) | Failed, requested deletion of a required certificate |
+| [500 Internal Server Error](https://www.rfc-editor.org/rfc/rfc9110.html#name-500-internal-server-error) | Failed, error while deleting certificate from disk |
