Importing your own Certificate Authority
You can import an external root Certificate Authority (CA) into OCI Certificates by providing the certificate (PEM), without ever uploading your private keys. OCI registers the CA as an externally managed root CA, maintaining trust with an existing Public Key Infrastructure while ensuring keys remain solely under your control.
To import your own root Certificate Authority, follow these steps.
- Navigate to the Certificate Authorities list page. If you need help finding the list page, see Listing Certificate Authorities.
- Select Import Certificate Authority.
- Enter the following information:
  - Name: Enter a name for your CA.
  - Description: Enter a description to help identify the CA. Avoid entering confidential information.
  - Compartment: Select the target compartment for the CA.
- Select the Input type.
  The CA certificate contains the certificate resource name, description, subject information, validity period, issuing CA, serial number, public key, and digital signature. Two options are available to import the certificate.
  - Upload file
    If Upload file is selected, do the following:
    - File selector: Select the file using the file browser or drag and drop the file name.
    - External Key Description: Provide a description for the externally managed private key.
  - Paste content
    If Paste content is selected, do the following:
    - Paste the certificate text into the Paste certificate text box.
    - External Key Description: Provide a description for the externally managed private key.
- Select Import.
The command creates a root CA.
Use the oci certs-mgmt certificate-authority create-root-ca-managed-externally command and required parameters to import a root CA:

    oci certs-mgmt certificate-authority create-root-ca-managed-externally --certificate-pem "<your_certificate_text_here>" --compartment-id <your_compartment_id> --name <your_certificate_authority_name> --external-key-description "<your_certificate_authority_description>"

For example:

    oci certs-mgmt certificate-authority create-root-ca-managed-externally \
      --certificate-pem "-----BEGIN CERTIFICATE----- MIIFfDCCA2SgAwIBAgIBATANBgkqhkiG9w0BAQsaIcs1Ae<your_certificate_text_here> -----END CERTIFICATE-----\n" \
      --compartment-id ocid1.compartment.oc1..aaaaaaaa7z... \
      --name Example_ExternalRootCA \
      --external-key-description "Example external key description"

For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
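Because the import takes the certificate only, it is worth confirming locally that the PEM file holds a single root CA certificate and no key material before uploading, pasting, or passing it to --certificate-pem. The following is an added example, not part of the original documentation: check_ca_pem is a hypothetical helper name, and it assumes grep and openssl are on the PATH.

```bash
#!/usr/bin/env bash
# Added example: pre-import check for the PEM file given to the console or
# to --certificate-pem. check_ca_pem is a hypothetical helper name.
# Return codes: 0 ok, 1 unreadable, 2 private key present, 3 not exactly one
# certificate, 4 not an unexpired, self-issued CA certificate.
check_ca_pem() {
    local file=$1 count text
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 1; }

    # The import needs the certificate only. Refuse any PEM private-key
    # label (PKCS#8, RSA, EC, ENCRYPTED, OPENSSH).
    if grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$file"; then
        echo "refusing: private key material in $file" >&2
        return 2
    fi

    # A root CA import is a single certificate, not a chain or bundle.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 certificate, found $count" >&2
        return 3
    fi

    # X.509 checks: parses, not expired, subject equals issuer, CA:TRUE.
    text=$(openssl x509 -in "$file" -noout -text 2>/dev/null) || return 4
    openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1 || return 4
    [ "$(openssl x509 -in "$file" -noout -subject_hash)" = \
      "$(openssl x509 -in "$file" -noout -issuer_hash)" ] || return 4
    printf '%s\n' "$text" | grep -q 'CA:TRUE' || return 4
    return 0
}
```

The subject/issuer comparison confirms the certificate is self-issued; it does not verify the signature itself.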
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
Use this API operation to import a certificate authority: CreateCertificateAuthority.