Oracle Cloud Infrastructure Documentation

Updating a Certificate PEM

For imported certificates and certificates with a private key that you manage externally, you can't use the Certificates service to automate renewal for the certificate, but you can update the certificate yourself. A new PEM can contain an SSL certificate, the certificate's private key, an SSL certificate chain with certificates and their associated private keys, or a certificate signing request (CSR) signed by the issuing third-party certificate authority (CA).

Note

When updating a certificate's PEM, you must specify the same common name used in previous certificate versions. A new PEM with a mismatching common name creates an unusable certificate version with a 'Failed' lifecycle state.
    1. On the Certificate Authorities list page, select the certificate authority that you want to work with. If you need help finding the list page or the certificate authority, see Listing Certificate Authorities.
      The certificate's details page opens.
    2. On the certificate's details page, select Versions
      The Versions list opens.
    3. Select Renew certificate.
      The Renew certificate panel opens.
    4. For externally managed certificates, provide a new CSR. For imported certificates, provide new certificate contents by peforming one of the following tasks:
      • For the CSR or each component of the certificate, select Upload File, and then select Select One to upload the PEM file.
      • For the CSR or each component of the certificate, select Paste Content, and then select the text box to paste the PEM file contents directly.
    5. (Optional) For imported certificates, if the private key has a passphrase, select Private Key PEM Passphrase and provide the passphrase.
    6. Select Renew certificate.
  • Note

    The command that you use to update a certificate PEM depends on whether the certificate has a private key that you manage externally or whether the certificate was issued by a third-party certificate authority (CA) and then imported.

    Use the oci certs-mgmt certificate update-certificate-managed-externally command and required parameters to update a certificate that has a private key that you manage externally:

    oci certs-mgmt certificate update-certificate-managed-externally --certificate-id <certificate_OCID> --csr-pem <certificate_signing_request_PEM> [OPTIONS]

    For example:

    oci certs-mgmt certificate update-certificate-managed-externally --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --csr-pem file://path/to/csr.pem

    Or, use the oci certs-mgmt certificate update-certificate-by-importing-config-details command and required parameters to update a certificate that you imported:

    oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id <certificate_OCID> --certificate-pem <certificate_PEM> --private-key-pem <certificate_private_key_PEM> --cert-chain-pem <certificate_chain_PEM> [OPTIONS]

    For example:

    oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --certificate-pem file://path/to/certificate.pem --private-key-pem file://path/to/privatekey.pem --cert-chain-pem file://path/to/certificatechain.pem

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

  • Run the UpdateCertificate operation to update a certificate PEM.