Importing a Certificate

Import a certificate if you already have a certificate but want to manage it by using the Certificates service.

This task describes how to import a certificate issued by a third-party certificate authority (CA) that you plan to manage by using the Certificates service. For the steps to issue a certificate that you manage internally with the Certificates service, see Creating a Certificate. For the steps to issue a certificate that you manage externally with a third-party CA, see Creating a Certificate to Manage Externally.

Note

The Certificates service supports the import of certificates with the following key algorithms, key sizes, and signature algorithms:

Key Algorithm   Key Size (Length or Curve ID)   Signature Algorithm
RSA             2048 bits, 4096 bits            SHA256withRSA, SHA384withRSA, SHA512withRSA
ECDSA           NIST_P256, NIST_P384            SHA256withECDSA, SHA384withECDSA, SHA512withECDSA

When importing a certificate, observe the following maximums for PEM files:
  • Certificate bundle size: 51,200 bytes
  • Private key size: 5,120 bytes
  • Certificate size: 10,240 bytes

In the certificate subject, you must have a country code that complies with ISO 3166 standards. All certificates in the certificate chain must comply with this requirement for the service to consider the chain valid.

For information about generating a compliant encrypted private key, see Generating Compliant Encrypted Private Keys.
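
A local preflight for the PEM size limits listed above, to run before uploading the files or passing them to the CLI. This is an added example, not code from the Certificates service or its documentation, and the function names are hypothetical. It checks only byte sizes and PEM block structure; the key algorithm, signature algorithm, and country code requirements need an X.509 parser and are not covered here.

```python
import base64
import re

# Maximum PEM sizes in bytes, taken from the limits listed on this page.
LIMITS = {"certificate": 10_240, "chain": 51_200, "private key": 5_120}
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def pem_blocks(data: bytes) -> list[tuple[str, bool]]:
    """Return (label, body_is_valid_base64) for every PEM block in data."""
    blocks = []
    for label, body in PEM_BLOCK.findall(data):
        # Skip "Proc-Type:"/"DEK-Info:" header lines used by legacy encrypted keys.
        b64 = b"".join(ln.strip() for ln in body.splitlines() if b":" not in ln)
        try:
            base64.b64decode(b64, validate=True)
            blocks.append((label.decode(), True))
        except ValueError:
            blocks.append((label.decode(), False))
    return blocks


def preflight(cert: bytes, chain: bytes, key: bytes) -> list[str]:
    """Return a list of problems; an empty list means the files pass."""
    problems, labels = [], {}
    for name, data in (("certificate", cert), ("chain", chain), ("private key", key)):
        blocks = pem_blocks(data)
        labels[name] = [label for label, _ in blocks]
        if len(data) > LIMITS[name]:
            problems.append(f"{name}: {len(data)} bytes exceeds {LIMITS[name]}")
        if not all(ok for _, ok in blocks):
            problems.append(f"{name}: PEM body is not valid base64")
    if labels["certificate"] != ["CERTIFICATE"]:
        problems.append("certificate: expected exactly one CERTIFICATE block")
    if not labels["chain"] or set(labels["chain"]) != {"CERTIFICATE"}:
        problems.append("chain: expected one or more CERTIFICATE blocks and nothing else")
    if len(labels["private key"]) != 1 or not labels["private key"][0].endswith("PRIVATE KEY"):
        problems.append("private key: expected exactly one private key block")
    return problems


def key_needs_passphrase(key: bytes) -> bool:
    """True for PKCS#8 encrypted keys and legacy 'Proc-Type: 4,ENCRYPTED' keys."""
    return b"BEGIN ENCRYPTED PRIVATE KEY" in key or b"Proc-Type: 4,ENCRYPTED" in key


def constructed_pem(label: str, payload_len: int) -> bytes:
    """Constructed filler PEM for the demo; not a real certificate or key."""
    tag = label.encode()
    return b"-----BEGIN %b-----\n%b-----END %b-----\n" % (tag, base64.encodebytes(bytes(payload_len)), tag)
```

The chain check also catches a private key pasted into the chain file by mistake, which would otherwise be uploaded alongside the CA certificates.
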

    1. Open the navigation menu and click Identity & Security.
    2. Under Certificates, click Certificates.
    3. Click Create Certificate.
    4. Under Compartment, choose the compartment where you want to create the certificate. The certificate can exist in the same compartment as the CA or a different one.
    5. Under Certificate Type, to import a certificate that you plan to manage by using a Certificates service CA, click Imported.
    6. Enter a unique display name for the certificate. Avoid entering confidential information.
      Note

      No two certificates in the tenancy can share the same name, including certificates pending deletion.
    7. (Optional) Enter a description to help identify the certificate. Avoid entering confidential information.
    8. (Optional) To apply tags, click Show Tagging Options. For more information about tags, see Resource Tags.
    9. Click Next.
    10. For imported certificates, you don't need to provide subject information. Instead, click Next again.
    11. Under Certificate, provide the certificate by doing one of the following:
      • Click Upload File, and then click Select One to upload the certificate as a PEM file.
      • Click Paste Content, and then click the text box that follows to paste the certificate contents directly.
    12. Under Certificate Chain, provide the certificate chain for the imported certificate by doing one of the following:
      • Click Upload File, and then click Select One to upload the certificate chain as a PEM file.
      • Click Paste Content, and then click the text box that follows to paste all the certificates in the chain directly.
    13. Under Private Key, provide the private key from the certificate key pair by doing one of the following:
      • Click Upload File, and then click Select One to upload the private key as a PEM file.
      • Click Paste Content, and then click the text box that follows to paste the private key directly.
    14. (Optional) Click Private Key PEM Passphrase, and then provide the passphrase for the private key.
    15. You can't configure automatic renewal for certificates that the Certificates service doesn't manage. Click Next to continue.
    16. Verify that the information is correct, and then click Create Certificate.
      It can take a while to create certificate-related resources.
  • Use the oci certs-mgmt certificate create-by-importing-config command and required parameters to import a certificate issued by a third-party certificate authority (CA) that you plan to manage by using the Certificates service:

    oci certs-mgmt certificate create-by-importing-config --compartment-id <compartment_OCID> --cert-chain-pem <certificate_chain_contents_file> --certificate-pem <certificate_contents_file> --name <certificate_name> --private-key-pem <private_key_file>

    For example:

    oci certs-mgmt certificate create-by-importing-config --compartment-id ocid1.compartment.oc1..<unique_id> --cert-chain-pem file://path/to/certchain.pem --certificate-pem file://path/to/leafcert.pem --name importedCert --private-key-pem file://path/to/privatekey.pem

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

  • Run the CreateCertificate operation to import a certificate.