Managing Certificates
Use Certificates to create and manage digital certificates.
Certificate management tasks include the following:
- Creating a Certificate
- Creating a Certificate to Manage Externally
- Importing a Certificate
- Listing Certificates
- Viewing Certificate Details
- Editing a Certificate
- Editing Certificate Rules
- Renewing a Certificate
- Updating a Certificate PEM
- Viewing Certificate Associations
- Moving a Certificate
- Deleting a Certificate
- Canceling Certificate Deletion
Every certificate has one or more certificate versions. As such, certificate management also includes the following tasks specific to certificate versions:
Required IAM Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy (IAM) by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have and which compartment you should work in.
The following policy gives permission to the example group CertificateAdmins to manage certificates and CA bundles. Specifically, the policy gives permission to list any resources included in the aggregate resource-type certificate-authority-family (without access to any confidential information). The policy also gives permission to the example group to work with the resource-type certificate-authority-delegate. (The example group can use any CA in the compartment to sign a certificate, but does not have the ability to create, update, or delete CAs.) Lastly, the policy gives permission to the group to do anything with any resources included in the aggregate resource-type leaf-certificate-family. Access is limited to resources in the specified example compartments.
Allow group CertificateAdmins to inspect certificate-authority-family in compartment ABC
Allow group CertificateAdmins to use certificate-authority-delegate in compartment ABC
Allow group CertificateAdmins to manage leaf-certificate-family in compartment ABC
These statements provide the minimum access needed to complete administrative tasks with certificates, as described later in this topic.
You might want to provide access to a group to work with certificates while restricting their ability to create, update, or delete any certificate-related resources. The following policy gives permission to the example group CertificateUsers to read and update certificates and CA bundles. The policy also gives permission to the group to renew certificates. Access is limited to resources in the specified example compartments.
Allow group CertificateUsers to use leaf-certificate-family in compartment DEF
Allow group CertificateUsers to use certificate-authority-delegate in compartment DEF
Allow group CertificateUsers to manage certificate-associations in compartment DEF
Allow group CertificateUsers to inspect certificate-authority-associations in compartment DEF
Allow group CertificateUsers to manage cabundle-associations in compartment DEF
For more information about permissions or if you need to write more or less restrictive policies, see Details for the Certificates Service. If you're new to policies, see Getting Started with Policies and Common Policies.
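The two example policies above can serve as a least-privilege baseline when reviewing later policy changes. The following is an added example, not Oracle's code: it parses simple "Allow group ... in compartment ..." statements and reports any grant whose verb exceeds the baseline for the same group, resource-type, and compartment. The CANDIDATE statements are constructed for illustration, and treating the page's policies as the approved baseline is an assumption.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, least to most permissive
STATEMENT = re.compile(
    r"Allow\s+group\s+(\S+)\s+to\s+(\w+)\s+([\w-]+)\s+in\s+compartment\s+(\S+)", re.I)

# The two example policies from this page, treated as the approved baseline (assumption).
BASELINE = """
Allow group CertificateAdmins to inspect certificate-authority-family in compartment ABC
Allow group CertificateAdmins to use certificate-authority-delegate in compartment ABC
Allow group CertificateAdmins to manage leaf-certificate-family in compartment ABC
Allow group CertificateUsers to use leaf-certificate-family in compartment DEF
Allow group CertificateUsers to use certificate-authority-delegate in compartment DEF
Allow group CertificateUsers to manage certificate-associations in compartment DEF
Allow group CertificateUsers to inspect certificate-authority-associations in compartment DEF
Allow group CertificateUsers to manage cabundle-associations in compartment DEF
"""

# Constructed candidate policy; the last two statements are deliberate drift.
CANDIDATE = """
Allow group CertificateUsers to use leaf-certificate-family in compartment DEF
Allow group CertificateUsers to manage certificate-authority-family in compartment DEF
Allow group CertificateAdmins to manage certificate-authority-delegate in compartment ABC
"""

def parse(text):
    """Return (group, verb, resource, compartment) tuples; reject anything else."""
    grants = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = STATEMENT.fullmatch(line)
        if not m or m.group(2).lower() not in VERBS:
            raise ValueError(f"unsupported statement: {line!r}")
        group, verb, resource, compartment = m.groups()
        grants.append((group, verb.lower(), resource, compartment))
    return grants

def drift(candidate, baseline):
    """Grants in candidate that exceed the baseline verb for the same
    group, resource-type and compartment (no baseline entry means no access)."""
    ceiling = {(g, r, c): VERBS.index(v) for g, v, r, c in parse(baseline)}
    return [(g, v, r, c) for g, v, r, c in parse(candidate)
            if VERBS.index(v) > ceiling.get((g, r, c), -1)]

if __name__ == "__main__":
    for grant in drift(CANDIDATE, BASELINE):
        print("exceeds baseline:", grant)
```

The check does not expand aggregate resource-types into their members, so a grant on an individual resource-type that a baseline family already covers is reported and needs manual review. Statements with conditions or other subjects raise ValueError rather than being silently skipped.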