Leverage OCI Certificate Service for OCVS as Private PKI
Oracle Cloud Infrastructure Certificates provides organisations with certificate issuance, storage, and management capabilities, including revocation and automatic renewal. If you have a third-party certificate authority (CA) that you already use, you can import certificates issued by that CA for use in an Oracle Cloud Infrastructure tenancy.
In this blog , we will leverage this service for Oracle Cloud VMware solution. Here we will configure Certificate Authority on OCI , generate Certs and apply those Certificates on Applications hosted on Oracle Cloud VMware solution.
Before start we must know, how Certificate generation process works :
First we need to configure Certificate Authority using below steps:
https://docs.oracle.com/en-us/iaas/Content/certificates/managing-certificate-authorities.htm
Go to Vault and generate Master encryption key :
Created Certificate Authority:
Second step i am generating CSR and private key by providing all details which includes Common Name, Country, SAN name etc. using openssl utility.
openssl req -new -nodes -newkey rsa:2048 -config /var/tmp/myssl.cnf -reqexts req_ext -keyout key.key -out test.csr
In third step ,i have to choose option Certificate to Manage Externally which will allow to upload CSR and generate signed Certificate.
Here i have uploaded CSR to generate cert.
Click on view Certificate details :
Finally we need to download Application Cert and Root Cert in .pem format.Click on view content and then download.
Let's test application without Cert , we will see SSL warning on browser :
Let me test it again after applying SSL cert:
Certificate Validation working as expected.
For VM deployment on OCVS , please refer this blog:
https://www.asknikhil.com/post/ocvs-vm-s-deployment-using-secure-oci-vault-secrets-for-credentials