The command you use to renew a CA depends on whether the CA is a root CA or a subordinate CA.
Use the oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details command and required parameters to renew a root CA:
oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id <CA_OCID> --validity <version_validity_period_JSON>
For example:
oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --validity file://path/to/validity.json
To renew a subordinate CA, open a command prompt and run the oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca command and required parameters:
oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id <CA_OCID> --validity <version_validity_period_JSON>
For example:
oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --validity file://path/to/validity.json
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.