Editing a Certificate Revocation List

Edit where a certificate authority (CA) stores its certificate revocation list (CRL), or edit the custom formatted URL configured as the CRL distribution point (CDP).

    1. On the Certificate Authorities list page, select the certificate authority that you want to work with. If you need help finding the list page or the certificate authority, see Listing Certificate Authorities.
      The certificate authority's details page opens.
    2. On the certificate authority's details page, select Edit Revocation Configuration.
      The Edit Revocation Configuration panel opens.
    3. Update any of the following settings:
      • Object Storage Bucket: The bucket that stores the CRL. If needed, select Change Compartment to find a bucket in a different compartment.
      • Object Name Format: The object name. You can include curly braces in the object name to indicate where the service can insert the issuing certificate authority version number. This addition helps prevent the overwriting of an existing CRL whenever you create another certificate authority version. For more information about object names, see Object Names.
      • Custom Formatted URLs: The URL that you want to use with APIs to access the object. This URL is named in certificates as the CRL distribution point (CDP). You can include curly braces in the URL to indicate where the service can insert the issuing certificate authority version number. This addition helps avoid overwriting an existing CDP whenever you create another certificate authority version. (You can specify an HTTPS URL only if no circular dependencies in the verification of the HTTPS chain exist.)
    4. Select Update.
  • You can edit where the certificate revocation list (CRL) is stored and the custom formatted URL configured as the CRL distribution point (CDP). The command you use depends on whether the certificate authority is a root certificate authority or a subordinate certificate authority.

    Use the oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details command with the required parameters to edit the revocation configuration of a root certificate authority:

    oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id <CA_OCID> --certificate-revocation-list-details <CDP_URL_and_CDP_object_storage> [OPTIONS]

    For example:

    oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --certificate-revocation-list-details file://path/to/revocationconfig.json

    To edit the revocation configuration of a subordinate CA, open a command prompt and run the oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca command with the required parameters:

    oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id <CA_OCID> --certificate-revocation-list-details <CDP_URL_and_CDP_object_storage> [OPTIONS]

    For example:

    oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --certificate-revocation-list-details file://path/to/revocationconfig.json

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
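
Before passing revocationconfig.json to either command, it can be checked against the two points made in the settings above: the curly-brace placeholder that prevents overwriting across CA versions, and the HTTPS caveat for the CDP. The following is an added example, not part of the original documentation or the OCI CLI; the JSON key names are assumed to follow the service's CertificateRevocationListDetails model, and the namespace, bucket, and URLs are constructed sample values.

```python
import json
from urllib.parse import urlparse

# Constructed sample of revocationconfig.json. Key names are assumed to follow
# the service's CertificateRevocationListDetails model; confirm them in the
# CLI Command Reference before use.
SAMPLE = """
{
  "objectStorageConfig": {
    "objectStorageNamespace": "examplenamespace",
    "objectStorageBucketName": "example-crl-bucket",
    "objectStorageObjectNameFormat": "example-ca.crl"
  },
  "customFormattedUrls": [
    "http://crl.example.com/example-ca-v{}.crl",
    "https://crl.example.com/example-ca.crl"
  ]
}
"""

def lint_revocation_config(text):
    """Return a list of findings for a revocation configuration document."""
    cfg = json.loads(text)
    findings = []
    name = cfg.get("objectStorageConfig", {}).get("objectStorageObjectNameFormat", "")
    if not name:
        findings.append("object name format is missing")
    elif "{}" not in name:
        findings.append(f"object name {name!r} has no {{}} placeholder: "
                        "a new CA version would overwrite the existing CRL")
    for url in cfg.get("customFormattedUrls", []):
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            findings.append(f"CDP {url!r} is not an absolute http(s) URL")
            continue
        if "{}" not in url:
            findings.append(f"CDP {url!r} has no {{}} placeholder: "
                            "every CA version would share one CDP")
        if parsed.scheme == "https":
            findings.append(f"CDP {url!r} uses HTTPS: confirm its TLS chain "
                            "does not depend on this CA's own CRL")
    return findings

if __name__ == "__main__":
    for finding in lint_revocation_config(SAMPLE):
        print("WARN:", finding)
```

The HTTPS finding is a prompt for manual review only; the script cannot determine whether a circular dependency exists in the chain.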

  • Run the UpdateCertificateAuthority operation to edit the revocation configuration of a CA.