Importing a Certificate

Import a certificate if you already have one but want to manage it by using the Certificates service.

This task describes how to import a certificate issued by a third-party certificate authority (CA) that you plan to manage by using the Certificates service. For the steps to issue a certificate that you issue and manage internally with the Certificates service, see Creating a Certificate. For the steps to issue a certificate that you manage externally with a third-party certificate authority, see Creating a Certificate to Manage Externally.

The Certificates service supports the import of certificates with the following key algorithms, key sizes, and signature algorithms:

Key algorithm: RSA

  • Key size (length or curve ID): 2048 bits, 4096 bits
  • Signature algorithm: SHA256withRSA, SHA384withRSA, SHA512withRSA

Key algorithm: ECDSA

  • Key size (length or curve ID): NIST_P256, NIST_P384
  • Signature algorithm: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA

When importing a certificate, observe the following maximums for PEM files:
  • Certificate bundle size: 51,200 bytes
  • Private key size: 5,120 bytes
  • Certificate size: 10,240 bytes

In the certificate subject, you must have a country code that complies with ISO 3166 standards. All certificates in the certificate chain must comply with this requirement for the service to consider the chain valid.

For information about generating a compliant encrypted private key, see Generating Compliant Encrypted Private Keys.
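
A local pre-flight check for the PEM size maximums listed above, run before you import. This is an added example, not Oracle's code. The function names, the rule that the certificate input holds exactly one CERTIFICATE block, and the check that an encrypted key comes with a passphrase are assumptions of the example.

```python
import base64
import re

# Maximum PEM sizes in bytes, as stated on this page.
LIMITS = {"certificate": 10_240, "chain": 51_200, "private_key": 5_120}
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(data):
    """Return (label, headers, der) for each PEM block found in data."""
    blocks = []
    for label, body in PEM_BLOCK.findall(data):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy encrypted keys carry headers such as "Proc-Type: 4,ENCRYPTED".
        headers = [ln for ln in lines if b":" in ln]
        b64 = b"".join(ln for ln in lines if b":" not in ln)
        der = base64.b64decode(b64, validate=True)  # raises on a corrupt body
        blocks.append((label.decode(), headers, der))
    return blocks

def preflight(kind, data, passphrase_given=False):
    """Return a list of problems for one PEM input; empty means it passed."""
    problems = []
    if len(data) > LIMITS[kind]:
        problems.append(f"{kind}: {len(data)} bytes exceeds {LIMITS[kind]}")
    try:
        blocks = pem_blocks(data)
    except ValueError:
        return problems + [f"{kind}: PEM body is not valid base64"]
    labels = [b[0] for b in blocks]
    if kind == "private_key":
        if len(blocks) != 1 or not labels[0].endswith("PRIVATE KEY"):
            return problems + ["private_key: expected exactly one private key block"]
        encrypted = labels[0] == "ENCRYPTED PRIVATE KEY" or any(
            h.startswith(b"Proc-Type:") and b"ENCRYPTED" in h for h in blocks[0][1])
        if encrypted and not passphrase_given:
            problems.append("private_key: encrypted key needs a passphrase")
    else:
        if not blocks or any(lb != "CERTIFICATE" for lb in labels):
            problems.append(f"{kind}: expected only CERTIFICATE blocks")
        elif kind == "certificate" and len(blocks) != 1:
            problems.append("certificate: expected one leaf certificate")
    return problems

if __name__ == "__main__":
    # Constructed sample input, not a real key.
    print(preflight("private_key", b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
                    b"Y29uc3RydWN0ZWQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"))
```

The check covers file size and PEM structure only; it does not verify the key algorithm, signature algorithm, or subject country code requirements.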

  • On the Certificates list page, select Import certificate. If you need help finding the list page, see Listing Certificates.

    The Import certificate panel opens. Enter the following information:

    • Name: Enter the name of the certificate. No certificates in the tenancy can share the same name, including certificates pending deletion.
    • Description: (Optional) Enter a description for the certificate.
    • Compartment: From the list, select the compartment where the imported certificate resides.

    Certificates

    Select one of the following options for how you want to import the certificate in PEM format:

    • Upload file: Select the "Drop a file or select one" box, browse to where the PEM file resides, and select it for uploading. You can also drag the PEM file from your computer to this box.
    • Paste content: Open the PEM file on your computer. Copy the contents and paste it into the text box.

    Certificates Chain

    Select one of the following options for how you want to provide the certificate chain in PEM format for the imported certificate:

    • Upload file: Select the "Drop a file or select one" box, browse to where the certificate chain file resides, and select it for uploading. You can also drag the PEM file from your computer to this box.
    • Paste content: Open the certificate chain file on your computer. Copy the contents and paste it into the text box.

    Private Key

    Select one of the following options for how you want to provide the private key from the certificate key pair in PEM format for the imported certificate:

    • Upload file: Select the "Drop a file or select one" box, browse to where the private key file resides, and select it for uploading. You can also drag the PEM file from your computer to this box.
    • Paste content: Open the private key file on your computer. Copy the contents and paste it into the text box.

    Private Key PEM Passphrase: (Optional) Enter the passphrase for the private key.

    Select Import certificate.

    Note

    It can take a while to create certificate-related resources.
  • Use the oci certs-mgmt certificate create-by-importing-config command and required parameters to import a certificate issued by a third-party certificate authority (CA) that you plan to manage by using the Certificates service:

    oci certs-mgmt certificate create-by-importing-config --compartment-id <compartment_OCID> --cert-chain-pem <certificate_chain_contents_file> --certificate-pem <certificate_contents_file> --name <certificate_name> --private-key-pem <private_key_file> [OPTIONS]

    For example:

    oci certs-mgmt certificate create-by-importing-config --compartment-id ocid1.compartment.oc1..<unique_id> --cert-chain-pem file://path/to/certchain.pem --certificate-pem file://path/to/leafcert.pem --name importedCert --private-key-pem file://path/to/privatekey.pem

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

  • Run the CreateCertificate operation with the CreateCertificateByImportingConfigDetails datatype to import a certificate.