Obtaining the Certificate Authority Bundle

Whether you configured the OCI CLI manually or used the automated tool, you must obtain the Private Cloud Appliance external silo CA chain before you can run commands.

The external silo CA chain must be copied to the system where you're installing the CLI and referenced in the oci_cli_rc file.

Navigate to your ~/.oci directory.
Copy the external silo CA chain from the following location:
```
https://iaas.system-name.domain-name/cachain
```
Save the CA chain in a file. In this example, the file is named ca.crt and is saved in the ~/.oci directory.
In the ~/.oci directory, create a file named oci_cli_rc. Add the profile name and the path to your copy of the external silo CA chain. For example:
```
[PCA1]
cert-bundle=/home/username/.oci/ca.crt
```
Set the OCI_CLI_CERT_BUNDLE environment variable to the same path as in the previous step.

What's Next?

See Testing the OCI CLI Configuration.

Oracle Cloud Infrastructure Documentation

Obtaining the Certificate Authority Bundle