Oracle Cloud Infrastructure Documentation

Editing a Certificate Authority

Edit a certificate authority (CA) when you need to change its properties.

You can update any CA properties besides the name and OCID. However, you can't update all properties by using the Console. If you want to update the current version number, you must do that separately from updates to any other properties. Making a version the current version puts it into active use and involves more than other property changes.

  • You can only update the CA description by using the Console.
    1. Open the navigation menu and click Identity & Security.
    2. Under Certificates, click Certificate Authorities.
    3. From the list of CAs in the compartment, click the name of the CA that you want to update.

      To find a CA in a different compartment, under List scope, choose a different compartment.

    4. Click Edit Certificate Authority.
    5. Update the existing description, and then click Edit. Avoid entering confidential information.

  • The command that you use to update a CA depends on whether it is a root CA or a subordinate CA. Either use the oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details command and required parameters or the oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca command and required parameters to edit a CA's description.

    You can also update a CA's rules and revocation configuration. For more information about updating a CA's rules, see Editing Certificate Authority Rules. For information about updating a CA's revocation configuration, see Editing a Certificate Revocation List.

    To edit the description of a root CA, open a command prompt and run oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details:

    oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id <CA_OCID> --description <new_description>

    For example:

    oci certs-mgmt certificate-authority update-root-ca-by-generating-config-details --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --description "my root CA"

    To edit the description of a subordinate CA, open a command prompt and run oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca:

    oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id <CA_OCID> --description <new_description>

    For example:

    oci certs-mgmt certificate-authority update-subordinate-ca-issued-by-internal-ca --certificate-authority-id ocid1.certificateauthority.oc1.<region>.<unique_id> --description "my subordinate CA"

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the UpdateCertificateAuthority operation to update a CA.