Configure and Generate a Self-Signed Certificate

Configuring your certificate involves the following steps:

  1. Local Key Generation: Create a private key with OpenSSL.
  2. CSR Generation: Use the private key to create a CSR.
  3. OCI CA Signing: Upload the CSR to the OCI Certificates CA to get a signed certificate.
  4. Deployment: Install the signed certificate with its chain and private key on the target server.

Here are the detailed steps:

  1. On your own machine, use OpenSSL to generate a 2048-bit RSA private key. For example:
    openssl genpkey -algorithm RSA -out myserver.key -pkeyopt rsa_keygen_bits:2048
    This creates a private key file named myserver.key.
  2. Use the private key to generate the CSR. For example:
    openssl req -new -key myserver.key -out myserver.csr
    You are prompted for details used in the certificate. For example:
  3. Upload the generated CSR to the OCI Certificates CA.
    1. Log in to the OCI console, select Identity & Security, and select Certificates.
    2. Click Create Certificate.
    3. Select Import CSR.
    4. Upload your CSR file (for example, myserver.csr).
    The CA will sign your CSR and generate:
    • A CA-signed certificate
    • A root/intermediate certificate chain
  4. Download and deploy your certificates.
    1. In OCI Certificates, locate your new certificate.
    2. Click View Content and then select Download:
      • CA-signed certificate
      • Certificate chain
    3. Upload the following to your server:
      • Your private key, such as myserver.key
      • CA-signed certificate
      • Certificate chain
    4. Configure your server, such as Apache or NGINX, to use these files for HTTPS/TLS interactions with your OCI services.
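
The local parts of the procedure above (steps 1, 2 and the check before deployment in step 4) as a non-interactive script. This is an added example, not Oracle's own code. The host name myserver.example.com, the file names myserver.crt and chain.pem, and the function names are assumptions; -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. Assumed names: myserver.example.com, myserver.crt, chain.pem.

# Steps 1-2: create the key (owner-readable only) and a CSR without prompts.
# $1 = base file name (e.g. myserver), $2 = DNS name the server will present.
make_key_and_csr() {
    ( umask 077 &&
      openssl genpkey -algorithm RSA -out "$1.key" \
          -pkeyopt rsa_keygen_bits:2048 ) || return 1
    # -subj replaces the interactive prompts; subjectAltName carries the
    # host name that TLS clients actually match against.
    openssl req -new -key "$1.key" -out "$1.csr" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" || return 1
    # Confirm the CSR's self-signature before uploading it to the CA.
    openssl req -in "$1.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

# Print a SHA-256 digest of the public key held in a key, CSR or certificate.
# $1 = key|csr|cert, $2 = file
pubkey_digest() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl sha256
}

# Step 4, before touching the web server: the downloaded certificate must
# carry the public key of the local private key and must verify against
# the downloaded CA chain (the chain file has to include the root).
# $1 = private key, $2 = certificate, $3 = chain file
check_before_deploy() {
    if [ "$(pubkey_digest key "$1")" != "$(pubkey_digest cert "$2")" ]; then
        echo "certificate $2 does not match private key $1" >&2
        return 1
    fi
    openssl verify -CAfile "$3" "$2" >/dev/null
}

# Usage:
#   make_key_and_csr myserver myserver.example.com   # then upload myserver.csr
#   check_before_deploy myserver.key myserver.crt chain.pem
```

A failing check_before_deploy usually means the wrong certificate was downloaded or the key was regenerated after the CSR was uploaded; resolve that before reloading Apache or NGINX.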