Uploading Certificates Generated from a CSR

Learn how to upload the signed certificate required for initialization of a new HSM cluster in OCI Dedicated Key Management.

The third step is to upload the certificates generated from the certificate signing request (CSR). The certificates are the Partition certificate (partitionCert.pem) and the Partition Owner certificate (partitionOwnerCert.pem).

  • Complete the following steps to activate the HSM cluster:

    1. Open the navigation menu, select Identity & Security, and then select Dedicated Key Management.
    2. In the HSM Cluster summary table, find a cluster in "Initialization Required" state, select the Actions menu, and then select Download & Upload Certificates.

      Note: The Download & Upload Certificates option is visible only for HSM partitions in "Initialization required" state.

    3. In the Download & Upload Workflow page, select Upload Certificates, and then select the partition certificate and partition owner certificate from your local machine.
    4. Select Upload.
  • Open a command prompt and run upload-partition-certificates to upload the certificates.

    oci kms kms-hsm-cluster hsm-cluster upload-partition-certificates --hsm-cluster-id <hsm_cluster_OCID>
    

    For example:

    oci kms kms-hsm-cluster hsm-cluster upload-partition-certificates --hsm-cluster-id <hsm_cluster_OCID> --partition-certificate <partition_certificate> --partition-owner-certificate <partition_owner_certificate>
    

    For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

  • Use the UploadPartitionCertificates API with the KMSHSMCLUSTER endpoint to upload the partition owner certificates to the HSM Cluster resource.

    Note

    Each region uses the KMSHSMCLUSTER API endpoint for HSM cluster operations. For regional endpoints, see the API Endpoints.
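
A pre-upload check for the two files named above, as an added example that is not part of the original documentation: it confirms that partitionCert.pem and partitionOwnerCert.pem hold signed certificates rather than the CSR or a private key. The function names and the sample PEM data are constructed for illustration.

```python
import base64
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def check_certificate_pem(text):
    """Return a list of problems; an empty list means the text looks uploadable."""
    problems = []
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        problems.append("contains a private key; keep key material out of the upload")
    if any(label.endswith("CERTIFICATE REQUEST") for label in labels):
        problems.append("contains a CSR, not the signed certificate")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        problems.append("no CERTIFICATE block found")
    for body in certs:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate body is not valid base64")
            continue
        if not der or der[0] != 0x30:  # X.509 DER starts with a SEQUENCE tag
            problems.append("certificate body is not a DER SEQUENCE")
    return problems

def preflight(partition_pem, owner_pem):
    """Check both files named on the page and that they are not the same file."""
    report = {
        "partitionCert.pem": check_certificate_pem(partition_pem),
        "partitionOwnerCert.pem": check_certificate_pem(owner_pem),
    }
    if partition_pem.strip() == owner_pem.strip():
        report["pair"] = ["both files hold the same content"]
    return report

def _sample_pem(label, payload):
    """Constructed sample data: a tiny DER stub, not a real certificate or key."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_CERT = _sample_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
SAMPLE_OWNER = _sample_pem("CERTIFICATE", b"\x30\x03\x02\x01\x02")
SAMPLE_CSR = _sample_pem("CERTIFICATE REQUEST", b"\x30\x03\x02\x01\x00")
SAMPLE_KEY = _sample_pem("PRIVATE KEY", b"\x30\x03\x02\x01\x00")
```

Call preflight() with the text read from the two files before uploading; any non-empty list in the report is a reason to stop and recheck which file was selected.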