SSL Certificates

This section describes how to use secure socket layer (SSL) certificates with your load balancer.

Creating a Load Balancer Certificate

You can create a public SSL certificate to use with a load balancer. Certificates are one of the resources listed for a load balancer. You can either upload the certificate as a .pem file, or paste the content from the .pem file directly into the creation dialog box using drag and drop. The certificates are stored in the Vault, and you must have access to the Vault to configure and use load balancer certificates.

Optionally, you can also provide a certificate for a Certificate Authority (CA) or configure a private key.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Load Balancers.

  2. Click the name of the Compartment for which you want to create the load balancer certificate.

  3. Click the name of the LB for which you want to create the certificate.
  4. Under Resources, click Certificates.
  5. Click Create Certificate.
  6. In the Load Balancer Create Certificate window, in the Certificate Name field, give a name to the LB certificate. For example, my_new_certificate.

  7. In the Public certificate field, choose either Select an SSL Certificate (.pem file) to upload, or Paste the content from the SSL Certificate (.pem) file.

  8. Click the Enable certificate authority box in the Certificate Authority field if you are also using a certificate authority certificate. You can either Select a Certificate Authority certificate (.pem file) to upload, or Paste the content from the Certificate Authority certificate (.pem) file.
  9. Click the Enable private key box in the Private Key field if you are also using a private key certificate. You can either Select a Private Key (.pem file) to upload, or Paste the content from the private key (.pem) file.
  10. Click the Create Certificate button in the dialog.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

    • LB OCID (oci lb load-balancer list --compartment-id compartment_OCID)

  2. Run the certificate create command.

    Use the LB OCID, certificate name, and certificate to create the certificate for the LB in the specified compartment.

    Note:

    For information about optional parameters, run the command with the --help option.

    Syntax (entered on a single line):

    oci lb certificate create --certificate-name certificate-name \
    --load-balancer-id load-balancer_OCID --certificate-file [path/to/file]

    Where:

    certificate-name is the name associated with the certificate, such as example-certificate.

    load-balancer_OCID is the OCID of the load balancer associated with the backend set and servers.

    certificate-file is the path to the certificate file to use with the LB.

    Example:

    $ oci lb certificate create --certificate-name example-certificate \
    --load-balancer-id ocid1.loadbalancer....….….….uniqueID \
    --certificate-file [path/to/file]
     
    {
      "opc-work-request-id": "ocid1.workrequest.oc1.pca.....….….….uniqueID"
    }

    Note:

    The command returns a work request ID. To see the certificate results, you must list all certificates associated with the specified LB and verify that the certificate created is listed. Use the oci lb certificate list command to view the certificate details.
    $ oci lb certificate list --load-balancer-id ocid1.loadbalancer....….….….uniqueID
    
    {
     "data": [
       {
         "ca-certificate": null,
         "certificate-name": "example-certificate",
         "public-certificate": "-----BEGIN CERTIFICATE-----
            \nMIIbzCCA1egAwIBAIRAPzlN4TlBFyD+ChLMQehGMwDQYJKoZIvcNAQEL...[OUTPUT TRUNCATED]
            -----END CERTIFICATE-----"
       }
      ]
    }
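
An added example, not part of the original documentation: checks to run on the .pem files before they are uploaded through the dialog or the CLI. It confirms that the public certificate file holds only CERTIFICATE blocks (no key material) and that the private key belongs to the certificate. The function names and file paths are assumptions, the key is assumed to be unencrypted, and key_matches_cert requires the openssl command.

```bash
# Added example: pre-upload checks for load balancer .pem files.
# Function names and file paths are illustrative assumptions.

# Print the label of every PEM block in a file, one per line.
pem_labels() {
  sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Return 0 only if the file is fit to submit as the public certificate:
# balanced BEGIN/END markers, certificates only, no private key material.
check_public_pem() {
  local f=$1 begins ends labels
  [ -r "$f" ] || { echo "$f: unreadable" >&2; return 2; }
  begins=$(grep -c -e '^-----BEGIN ' "$f" || true)
  ends=$(grep -c -e '^-----END ' "$f" || true)
  labels=$(pem_labels "$f")
  if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
    echo "$f: missing or unbalanced PEM markers" >&2; return 1
  fi
  if printf '%s\n' "$labels" | grep -q 'PRIVATE KEY'; then
    echo "$f: contains private key material" >&2; return 1
  fi
  if printf '%s\n' "$labels" | grep -qv -e '^CERTIFICATE$'; then
    echo "$f: contains blocks other than CERTIFICATE" >&2; return 1
  fi
  return 0
}

# Return 0 if the private key (arg 2) belongs to the certificate (arg 1).
# Compares the public key derived from each; the key is assumed unencrypted.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Typical use before the create step (paths are placeholders):
#   check_public_pem lb-cert.pem && key_matches_cert lb-cert.pem lb-key.pem
```

The first check matters because the certificate list output echoes the public-certificate content in full, so a file that also carries a key block should never be submitted in that field.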

For general information about LBaaS, see the Oracle Private Cloud Appliance Concepts Guide.

Viewing a Load Balancer Certificate

You can view a public SSL certificate used with a load balancer. Certificates are one of the resources listed for a load balancer. You can't edit any of the details. To change a certificate, you delete the old one and create another one.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Load Balancers.

  2. Click the name of the Compartment for which you want to view the load balancer certificate.

  3. Click the name of the LB for which you want to view the certificate.
  4. Under Resources, click Certificates.
  5. All the details of the configured certificates are displayed.

    Note:

    The Actions menu has a Details choice under the three-dot drop-down list, but this choice adds nothing to the details displayed.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

    • LB OCID (oci lb load-balancer list --compartment-id compartment_OCID)

  2. Run the certificate list command.

    Use the LB OCID to list the certificate details for the LB in the specified compartment.

    Note:

    For information about optional parameters, run the command with the --help option.

    Syntax (entered on a single line):

    oci lb certificate list --load-balancer-id load-balancer_OCID 

    Where:

    load-balancer_OCID is the OCID of the load balancer associated with the backend set and servers.

    Example:

    $ oci lb certificate list --load-balancer-id ocid1.loadbalancer....….….….uniqueID
    
    {
     "data": [
       {
         "ca-certificate": null,
         "certificate-name": "CERT1-lb1-w",
         "public-certificate": "-----BEGIN CERTIFICATE-----
            \nMIIbzCCA1egAwIBAIRAPzlN4TlBFyD+ChLMQehGMwDQYJKoZIvcNAQEL...[OUTPUT TRUNCATED]
            -----END CERTIFICATE-----"
       }
      ]
    }

Deleting a Load Balancer Certificate

You can delete a public SSL certificate used with a load balancer. Certificates are one of the resources listed for a load balancer. To change a certificate, you delete the old one and create another one.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Load Balancers.

  2. Click the name of the Compartment for which you want to delete the load balancer certificate.

  3. Click the name of the LB for which you want to delete the certificate.
  4. Under Resources, click Certificates.
  5. All the details of the configured certificates are displayed.

    Note:

    The Actions menu has a Details choice under the three-dot drop-down list, but this choice adds nothing to the details displayed.
  6. Click Delete on the Actions menu (three-dot) drop-down list next to the certificate to delete.
  7. Click Confirm to delete the named Certificate.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

    • LB OCID (oci lb load-balancer list --compartment-id compartment_OCID)

  2. Run the certificate delete command.

    Use the LB OCID to delete the certificate details for the LB in the specified compartment.

    Note:

    For information about optional parameters, run the command with the --help option.

    Syntax (entered on a single line):

    oci lb certificate delete --certificate-name certificate-name \
    --load-balancer-id load-balancer_OCID

    Where:

    certificate-name is the name associated with the certificate, such as example-certificate.

    load-balancer_OCID is the OCID of the load balancer associated with the backend set and servers.

    Example:

    $ oci lb certificate delete --certificate-name example-certificate \
       --load-balancer-id ocid1.loadbalancer....….….….uniqueID
    
    Are you sure you want to delete this resource? [y/N]: y
    {
     "opc-work-request-id": "ocid1.workrequest.1907XDB006.xxxxx.loadbalancer....….….….uniqueID"
    }

    Note:

    The command returns a work request ID. To see the certificate deletion results, you must list all certificates associated with the specified LB and verify that the certificate deleted isn't listed. Use the oci lb certificate list command to view the certificate details.
    $ oci lb certificate list --load-balancer-id ocid1.loadbalancer....….….….uniqueID