Uploading Certificates Generated from a CSR

Learn how to upload the signed certificate required for initialization of a new HSM cluster in OCI Dedicated Key Management.

Prerequisites: Complete the steps in the following tasks before you start this task:

Have the partition certificate (partitionCert.pem) and the partition owner certificate (partitionOwnerCert.pem) available before starting this task.

  • Complete the following steps to activate the HSM cluster:

    1. If you're not on the Upload certificates section of the Initialize cluster workflow, follow the instructions in Downloading a Certificate Signing Request. You can skip step 3 (Download CSR) because you already have your certificates, and select Next to advance to the Upload certificates section.
    2. In the Upload partition certificate section, drop or select the partition certificate from your local machine into the form.
    3. In the Upload partition owner certificate section, drop or select the partition owner certificate from your local machine into the form.
    4. Select Upload.
  • Use the oci kms kms-hsm-cluster hsm-cluster upload-partition-certificates command and required parameters to upload the certificates:

    oci kms kms-hsm-cluster hsm-cluster upload-partition-certificates --hsm-cluster-id <hsm_cluster_ocid> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the UploadPartitionCertificates API with the KMSHSMCLUSTER endpoint to upload the partition owner certificates to the HSM Cluster resource.

    Note

    The HSM Cluster Endpoint is used for cluster management operations including Create, Update, List, Get, and Delete. This endpoint is also called the KMSHSMCLUSTER endpoint.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
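A local pre-upload check for partitionCert.pem and partitionOwnerCert.pem, as an added example that is not part of the original page or Oracle's tooling: it rejects a file that contains a private key or the CSR instead of the signed certificate, and a certificate block that is truncated. The function names are hypothetical, the check covers only PEM labels and outer DER framing (no signature or chain validation), and it assumes each uploaded file holds a single certificate.

```python
import base64
import re
# A PEM block whose BEGIN and END labels match.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE (outer framing only)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long-form length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_upload_file(pem_text: str) -> list:
    """Return a list of problems; an empty list means the file passed."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    problems = []
    if any("PRIVATE KEY" in label for label in labels):
        problems.append("contains a private key; do not upload key material")
    if any(label.endswith("CERTIFICATE REQUEST") for label in labels):
        problems.append("contains a CSR, not the signed certificate")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:  # assumption: one certificate per uploaded file
        problems.append(f"expected 1 CERTIFICATE block, found {len(certs)}")
    for body in certs:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("CERTIFICATE block is not valid base64")
            continue
        if not der_sequence_ok(der):
            problems.append("CERTIFICATE block is truncated or not DER")
    return problems

def make_pem(label: str, der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed placeholder: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
if __name__ == "__main__":
    print("well-formed:", check_upload_file(make_pem("CERTIFICATE", SAMPLE_DER)))
    print("CSR by mistake:", check_upload_file(make_pem("CERTIFICATE REQUEST", SAMPLE_DER)))
```

To check real files, pass the text of each .pem file to check_upload_file and upload only when both calls return an empty list.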