Editing Certificate Rules
Edit a certificate's rules to change its renewal interval and renewal period.
You can edit a certificate's renewal rule to change its automatic renewal process at any time. A renewal rule consists of a renewal interval and a renewal period. Although you configure a renewal rule for a certificate, the renewal interval is calculated against the current certificate version's expiration date. Any previous changes to the renewal rule must be complete and the certificate must be in an Active state before you can edit the renewal rule again.
The command you use to update a certificate's renewal rule depends on how you created the certificate. Furthermore, any previous changes to the renewal rule must be complete and the certificate must be in an Active state before you can edit the renewal rule again.
To change the renewal rule for a certificate that you issued and manage internally, use the oci certs-mgmt certificate update-certificate-managed-internally command and required parameters:
Note
When specifying the advance renewal period and renewal interval, use the formatP<number>D
, replacing the number variable with the desired number of days. Also, although you configure a renewal rule for a certificate, the renewal interval is calculated against the current certificate version's expiration date.oci certs-mgmt certificate update-certificate-managed-internally --certificate-id <certificate_OCID> --certificate-rules <renewal_rule_JSON>
For example:
oci certs-mgmt certificate update-certificate-managed-internally --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --certificate-rules file://path/to/renewalrule.json
To change the renewal rule for a certificate that you issued internally, but has a private key that you manage externally, use the oci certs-mgmt certificate update-certificate-managed-externally command and required parameters:
oci certs-mgmt certificate update-certificate-managed-externally --certificate-id <certificate_OCID> --csr-pem <certificate_signing_request> --certificate-rules <renewal_rule_JSON>
For example:
oci certs-mgmt certificate update-certificate-managed-externally --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --csr-pem file://path/to/externalcert.pem --certificate-rules file://path/to/renewalrule.json
To change the renewal rule for a certificate that you imported, use the oci certs-mgmt certificate update-certificate-by-importing-config-details command and required parameters:
oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id <certificate_OCID> --cert-chain-pem <certificate_chain_contents_file> --certificate-pem <certificate_contents_file> --private-key-pem <private_key_file> --certificate-rules <renewal_rule_JSON>
For example:
oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --cert-chain-pem file://path/to/certchain.pem --certificate-pem file://path/to/leafcert.pem --private-key-pem file://path/to/privatekey.pem --certificate-rules file://path/to/renewalrule.json
For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.
Run the UpdateCertificate operation to edit a certificate's renewal rule.