Editing Certificate Rules

Edit a certificate's rules to change its renewal interval and renewal period.

You can edit a certificate's renewal rule to change its automatic renewal process at any time. A renewal rule consists of a renewal interval and a renewal period. Although you configure a renewal rule for a certificate, the renewal interval is calculated against the current certificate version's expiration date. Any previous changes to the renewal rule must be complete and the certificate must be in an Active state before you can edit the renewal rule again.

    1. Open the navigation menu and click Identity & Security.
    2. Under Certificates, click Certificates.
    3. From the list of certificates in the compartment, click the name of the certificate with the renewal rule that you want to update.

      To find a certificate in a different compartment, under List scope, choose a different compartment.

    4. Under Resources, click Rules, and then click Edit Renewal Rule.
    5. Enter a new value for one or both of the following settings:
      • Renewal Interval (Days): The frequency with which the certificate is automatically renewed. Specify a number of days no less than one and no more than one day before the expiration date of the current certificate version. You can't specify an interval that lets the certificate expire before it's renewed.
      • Advance Renewal Period (Days): The period in advance of the certificate expiration when the certificate is renewed. Specifying a renewal period ensures that the renewal is complete before the certificate expires.

      If you change the renewal interval to a period shorter than the renewal period, the service automatically updates the renewal period accordingly.

    6. Click Submit.
  • The command you use to update a certificate's renewal rule depends on how you created the certificate. Furthermore, any previous changes to the renewal rule must be complete and the certificate must be in an Active state before you can edit the renewal rule again.

    To change the renewal rule for a certificate that you issued and manage internally, use the oci certs-mgmt certificate update-certificate-managed-internally command and required parameters:

    Note

    When specifying the advance renewal period and renewal interval, use the format P<number>D, replacing the number variable with the desired number of days. Also, although you configure a renewal rule for a certificate, the renewal interval is calculated against the current certificate version's expiration date.

    oci certs-mgmt certificate update-certificate-managed-internally --certificate-id <certificate_OCID> --certificate-rules <renewal_rule_JSON>

    For example:

    oci certs-mgmt certificate update-certificate-managed-internally --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --certificate-rules file://path/to/renewalrule.json

    To change the renewal rule for a certificate that you issued internally but whose private key you manage externally, use the oci certs-mgmt certificate update-certificate-managed-externally command and required parameters:

    oci certs-mgmt certificate update-certificate-managed-externally --certificate-id <certificate_OCID> --csr-pem <certificate_signing_request> --certificate-rules <renewal_rule_JSON>

    For example:

    oci certs-mgmt certificate update-certificate-managed-externally --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --csr-pem file://path/to/externalcert.pem --certificate-rules file://path/to/renewalrule.json

    To change the renewal rule for a certificate that you imported, use the oci certs-mgmt certificate update-certificate-by-importing-config-details command and required parameters:

    oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id <certificate_OCID> --cert-chain-pem <certificate_chain_contents_file> --certificate-pem <certificate_contents_file> --private-key-pem <private_key_file> --certificate-rules <renewal_rule_JSON>

    For example:

    oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id ocid1.certificate.oc1.<region>.<unique_ID> --cert-chain-pem file://path/to/certchain.pem --certificate-pem file://path/to/leafcert.pem --private-key-pem file://path/to/privatekey.pem --certificate-rules file://path/to/renewalrule.json

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.
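
The commands above pass a renewalrule.json file through --certificate-rules, but its contents are not shown. The following added example (not Oracle's own code) generates that file in the P<number>D format after checking the limits described on this page. The function names and the DAYS_UNTIL_EXPIRY argument are hypothetical, and the JSON field names follow the service's CertificateRenewalRule API type, so confirm them against the CLI Command Reference.

```shell
#!/bin/sh
# Added example: writes the JSON passed to --certificate-rules after checking
# it against the limits described on this page. All values are constructed.

# Succeeds only for a whole number of days >= 1 with no leading zero.
is_days() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  return 0
}

# make_renewal_rule INTERVAL_DAYS ADVANCE_DAYS DAYS_UNTIL_EXPIRY
# DAYS_UNTIL_EXPIRY is the remaining validity of the current certificate
# version, supplied by the operator (hypothetical parameter).
make_renewal_rule() {
  rr_interval=$1; rr_advance=$2; rr_remaining=$3
  if ! is_days "$rr_interval" || ! is_days "$rr_advance" || ! is_days "$rr_remaining"; then
    echo "error: every value must be a whole number of days >= 1" >&2
    return 2
  fi
  # The interval may be at most one day before the current version expires,
  # otherwise the certificate would expire before it is renewed.
  if [ "$rr_interval" -gt $((rr_remaining - 1)) ]; then
    echo "error: interval ${rr_interval}d exceeds the limit of $((rr_remaining - 1))d" >&2
    return 3
  fi
  # The service adjusts an advance period longer than the interval on its own;
  # refuse here instead so the file matches what actually takes effect.
  if [ "$rr_advance" -gt "$rr_interval" ]; then
    echo "error: advance period ${rr_advance}d is longer than interval ${rr_interval}d" >&2
    return 4
  fi
  printf '[{"ruleType":"CERTIFICATE_RENEWAL_RULE","renewalInterval":"P%sD","advanceRenewalPeriod":"P%sD"}]\n' \
    "$rr_interval" "$rr_advance"
}

# Constructed values: renew every 90 days, 30 days in advance, 365 days left.
make_renewal_rule 90 30 365
```

Redirect the output to renewalrule.json and pass it as --certificate-rules file://path/to/renewalrule.json in any of the three update commands.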

  • Run the UpdateCertificate operation to edit a certificate's renewal rule.