Importing a Certificate
Import a certificate if you already have a certificate but want to manage it by using the Certificates service.
This task describes how to import a certificate issued by a third-party certificate authority (CA) that you plan to manage by using the Certificates service. For the steps to issue a certificate that you issue and manage internally with the Certificates service, see Creating a Certificate. For the steps to issue a certificate that you manage externally with a third-party CA, see Creating a Certificate to Manage Externally.
The Certificates service supports the import of certificates with the following key algorithms, key sizes, and signature algorithms:
Key Algorithm | Key Size (Length or Curve ID) | Signature Algorithm |
---|---|---|
RSA |
|
|
ECDSA |
|
|
- Certificate bundle size: 51,200 bytes
- Private key size: 5,120 bytes
- Certificate size: 10,240 bytes
In the certificate subject, you must have a country code that complies with ISO 3166 standards. All certificates in the certificate chain must comply with this requirement for the service to consider the chain valid.
For information about generating a compliant encrypted private key, see Generating Compliant Encrypted Private Keys.
Use the oci certs-mgmt certificate create-by-importing-config command and required parameters to import a certificate issued by a third-party certificate authority (CA) that you plan to manage by using the Certificates service:
oci certs-mgmt certificate create-by-importing-config --compartment-id <compartment_OCID> --cert-chain-pem <certificate_chain_contents_file> --certificate-pem <certificate_contents_file> --name <certificate_name> --private-key-pem <private_key_file>
For example:
oci certs-mgmt certificate create-by-importing-config --compartment-id ocid1.compartment.oc1..<unique_id> --cert-chain-pem file://path/to/certchain.pem --certificate-pem file://path/to/leafcert.pem --name importedCert --private-key-pem file://path/to/privatekey.pem
For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.
Run the CreateCertificate operation to import a certificate.