The command you use to update a CA's expiry rule depends on whether it is a root CA or a subordinate CA.
Use the oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details command and required parameters to edit the expiry rule for a root CA:
oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id <CA_OCID> --certificate-authority-rules <CA_expiry_rules>
For example:
oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --certificate-authority-rules file://path/to/expiryrules.json
To edit the expiry rules for a subordinate CA, open a command prompt and run oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca command and required parameters:
oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id <CA_OCID> --certificate-authority-rules <CA_expiry_rules>
For example:
oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --certificate-authority-rules file://path/to/expiryrules.json
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.