Updating a Certificate PEM

For imported certificates and certificates with a private key that you manage externally, you can't use the Certificatesservice to automate renewal for the certificate, but you can update the certificate yourself. A new PEM can contain an SSL certificate, the certificate's private key, an SSL certificate chain with certificates and their associated private keys, or a certificate signing request (CSR) signed by the issuing third-party certificate authority (CA).

    1. On the Certificates list page, select the name of the certificate that you want to update. If you need help finding the list page, see Listing Certificates.

      To find a certificate in a different compartment, under List scope, select a different compartment.

    2. Under Versions, select Renew Certificate.
    3. For externally managed certificates, provide a new CSR. For imported certificates, provide new certificate contents by doing one of the following:
      • For the CSR or each component of the certificate, select Upload File, and then select Select One to upload the PEM file.
      • For the CSR or each component of the certificate, select Paste Content, and then select the text box to paste the PEM file contents directly.
    4. (Optional) For imported certificates, if the private key has a passphrase, select Private Key PEM Passphrase and provide the passphrase.
    5. When you're ready, select Renew Certificate.
  • Note

    The command that you use to update a certificate PEM depends on whether the certificate has a private key that you manage externally or whether the certificate was issued by a third-party certificate authority (CA) and then imported.

    Use the oci certs-mgmt certificate update-certificate-managed-externally command and required parameters to update a certificate that has a private key that you manage externally:

    oci certs-mgmt certificate update-certificate-managed-externally --certificate-id <certificate_OCID> --csr-pem <certificate_signing_request_PEM>

    For example:

    oci certs-mgmt certificate update-certificate-managed-externally --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --csr-pem file://path/to/csr.pem

    Or, use the oci certs-mgmt certificate update-certificate-by-importing-config-details command and required parameters to update a certificate that you imported:

    oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id <certificate_OCID> --certificate-pem <certificate_PEM> --private-key-pem <certificate_private_key_PEM> --cert-chain-pem <certificate_chain_PEM>

    For example:

    oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --certificate-pem file://path/to/certificate.pem --private-key-pem file://path/to/privatekey.pem --cert-chain-pem file://path/to/certificatechain.pem

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

  • Run the UpdateCertificate operation to update a certificate PEM.