Leverage OCI Certificate Service for OCVS as Private PKI
- Nikhil Verma
- Apr 5, 2023
Oracle Cloud Infrastructure Certificates provides organisations with certificate issuance, storage, and management capabilities, including revocation and automatic renewal. If you have a third-party certificate authority (CA) that you already use, you can import certificates issued by that CA for use in an Oracle Cloud Infrastructure tenancy.
In this blog, we will leverage this service for Oracle Cloud VMware Solution. We will configure a Certificate Authority on OCI, generate certificates, and apply those certificates to applications hosted on Oracle Cloud VMware Solution.
Before we start, we need to understand how the certificate generation process works:

First, we need to configure a Certificate Authority using the steps below:
Go to Vault and generate a master encryption key:

Create the Certificate Authority:

In the second step, I generate the CSR and private key with the openssl utility, providing all the details, including Common Name, Country, and SAN name.
openssl req -new -nodes -newkey rsa:2048 -config /var/tmp/myssl.cnf -reqexts req_ext -keyout key.key -out test.csr
In the third step, I choose the option Certificate to Manage Externally, which allows uploading the CSR and generating a signed certificate.

Here I have uploaded the CSR to generate the certificate.



Click on view Certificate details:

Finally, we need to download the application certificate and the root certificate in .pem format. Click on view content and then download.
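The CSR step and the download step above can be checked locally before anything is uploaded or applied. The script below is an added example, not part of the original post: it writes a request config with a req_ext section, builds the CSR with the same openssl flags, confirms the SANs are in the CSR, and provides a check that a downloaded certificate matches the private key. The subject values, hostnames and file names are constructed placeholders.

```shell
# Added example. Subject values, hostnames and file names are constructed
# placeholders; only the openssl req flags come from the post.
set -eu

# Write a request config whose req_ext section carries the SAN list.
write_csr_config() {  # $1 = config path
  cat > "$1" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn

[ dn ]
C  = US
O  = Example Org
CN = app.example.internal

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = app.example.internal
DNS.2 = app
EOF
}

# Generate the key and CSR with the post's flags; umask keeps the key private.
make_csr() {  # $1 = config, $2 = key out, $3 = CSR out
  ( umask 077
    openssl req -new -nodes -newkey rsa:2048 -config "$1" \
      -reqexts req_ext -keyout "$2" -out "$3" 2>/dev/null )
}

# Before upload: CSR self-signature verifies and the exact DNS SAN is present.
csr_has_san() {  # $1 = CSR, $2 = DNS name
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  openssl req -in "$1" -noout -text | tr ',' '\n' |
    sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# After download: the issued certificate carries the public key of our private key.
cert_matches_key() {  # $1 = certificate PEM, $2 = private key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

d=$(mktemp -d)
write_csr_config "$d/myssl.cnf"
make_csr "$d/myssl.cnf" "$d/key.key" "$d/test.csr"
csr_has_san "$d/test.csr" app.example.internal && echo "CSR ready to upload"
```

Run `cert_matches_key` against the downloaded application certificate and `key.key` before installing them; a mismatch means the certificate was issued for a different CSR.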


Let's test the application without the certificate; we will see an SSL warning in the browser:

Let me test it again after applying the SSL certificate:

Certificate validation is working as expected.
For VM deployment on OCVS, please refer to this blog: