Editing a Certificate Revocation List

Edit information about where a certificate authority's certificate revocation list (CRL) is stored or the custom formatted URL configured as the CRL distribution point (CDP).

    1. Open the navigation menu and click Identity & Security.
    2. Under Certificates, click Certificate Authorities.
    3. From the list of CAs in the compartment, click the name of the CA with the CRL that you want to edit.

      To find a CA in a different compartment, under List scope, choose a different compartment.

    4. Click Edit Revocation Configuration.
    5. Do one or more of the following:
      • Under Object Storage Bucket, specify the bucket that stores the CRL. If needed, click Change Compartment to find a bucket in a different compartment.
      • Under Object Name Format, specify the object name. You can include curly braces in the object name to indicate where the service can insert the issuing CA version number. This addition helps prevent the overwriting of an existing CRL whenever you create another CA version. For more information about object names, see Object Names.
      • Under Custom Formatted URLs, provide the URL that you want to use with APIs to access the object. This URL is named in certificates as the CRL distribution point (CDP). You can include curly braces in the URL to indicate where the service can insert the issuing CA version number. This addition helps avoid overwriting an existing CDP whenever you create another CA version. (You can specify an HTTPS URL only if verifying the HTTPS certificate chain involves no circular dependencies.)
    6. When you're ready, click Submit.
  • You can edit where the certificate revocation list (CRL) is stored and the custom formatted URL configured as the CRL distribution point (CDP). The command you use depends on whether the CA is a root CA or a subordinate CA.

    Use the oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details command and required parameters to edit the revocation configuration of a root CA:

    oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id <CA_OCID> --certificate-revocation-list-details <CDP_URL_and_CDP_object_storage>

    For example:

    oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --certificate-revocation-list-details file://path/to/revocationconfig.json

    To edit the revocation configuration of a subordinate CA, open a command prompt and run the oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca command with the required parameters:

    oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id <CA_OCID> --certificate-revocation-list-details <CDP_URL_and_CDP_object_storage>

    For example:

    oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --certificate-revocation-list-details file://path/to/revocationconfig.json

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the UpdateCertificateAuthority operation to edit the revocation configuration of a CA.
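
The following pre-flight check for the revocationconfig.json file passed to --certificate-revocation-list-details is an added example, not part of the original documentation or Oracle's tooling. It flags an object name or CDP URL that lacks the curly-brace placeholder and any HTTPS CDP that needs a circular-dependency review. The JSON field names are assumed from the OCI CertificateRevocationListDetails model and should be confirmed against the CLI Command Reference; the namespace, bucket and host names are constructed.

```python
import json

# Constructed sample of revocationconfig.json. Field names are assumed from the
# OCI CertificateRevocationListDetails model; namespace, bucket and host are made up.
SAMPLE_CONFIG = """
{
  "objectStorageConfig": {
    "objectStorageNamespace": "examplenamespace",
    "objectStorageBucketName": "example-crl-bucket",
    "objectStorageObjectNameFormat": "example-ca-v{}.crl"
  },
  "customFormattedUrls": [
    "http://crl.example.com/example-ca-v{}.crl",
    "https://crl.example.com/example-ca.crl"
  ]
}
"""

PLACEHOLDER = "{}"  # where the service inserts the issuing CA version number


def render(fmt, ca_version):
    """Show the object name or URL that results for one CA version."""
    return fmt.replace(PLACEHOLDER, str(ca_version))


def check_revocation_config(text):
    """Return a list of findings to review before running the update command."""
    cfg = json.loads(text)
    findings = []
    name_fmt = cfg.get("objectStorageConfig", {}).get("objectStorageObjectNameFormat", "")
    if PLACEHOLDER not in name_fmt:
        findings.append(f"object name {name_fmt!r}: no {{}} placeholder, "
                        "a new CA version overwrites the existing CRL")
    for url in cfg.get("customFormattedUrls", []):
        if PLACEHOLDER not in url:
            findings.append(f"CDP {url!r}: no {{}} placeholder, "
                            "a new CA version overwrites the existing CDP")
        if url.lower().startswith("https://"):
            findings.append(f"CDP {url!r}: HTTPS, confirm its TLS chain "
                            "does not depend on this CRL")
    return findings


if __name__ == "__main__":
    for finding in check_revocation_config(SAMPLE_CONFIG):
        print("REVIEW:", finding)
    print(render("example-ca-v{}.crl", 2))
```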