Introduction
In the previous post, I covered the Certificate Authority in the OCI Certificates service, which provides a private managed certificate service. This works well with the IaaS resources inside OCI, but can't be used for external-facing web applications.
In this post I will focus on importing a public certificate into the Certificates service.
I will not cover the steps needed to obtain a public certificate. If you do not have one, you can follow this blog and generate a valid certificate from Let's Encrypt.
Importing the Certificate
Log in to your OCI account, navigate to Identity & Security > Certificates > Certificates and hit the Create Certificate button.
Fill in the required information: Compartment, Name and Description.
Upload the Certificate, the Certificate chain and the Private key.
You will be provided with a Summary.
The certificate can then be used by OCI IaaS resources, for example a Load Balancer.
When the certificate is about to expire, you can upload the renewed certificate by hitting the "Renew" button.
Using the Certificate Service will make you more efficient. Imagine you have 10 Load Balancers: without the Certificate Service, you need to upload the certificate on each of the LBs, which is a time-consuming task. If you use the Service, the certificate is uploaded once to the Service and can be consumed by all the LBs.
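Before uploading the Certificate, Certificate chain and Private key (on first import or on renewal), it is worth confirming locally that the three files belong together. The script below is an added example, not part of the original post: it uses the standard openssl command line, and the function names and argument order are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: local pre-import check for the three PEM files the console asks for.
# Function names and argument order are assumptions of this sketch.

# 0 if the private key ($2) holds the same public key as the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate ($1) chains through the intermediates in the chain
# file ($2) to a trusted root: the system store, or the file in $3 if given.
chain_verifies() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -untrusted "$2" "$1" >/dev/null 2>&1
    fi
}

# 0 if the certificate ($1) is still valid $2 days from now.
not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Usage: preimport_check CERT CHAIN KEY [MIN_DAYS] [ROOTS]
preimport_check() {
    rc=0; days=${4:-30}
    key_matches_cert "$1" "$3" || { echo "FAIL: private key does not match certificate"; rc=1; }
    chain_verifies "$1" "$2" "$5" || { echo "FAIL: chain does not link certificate to a trusted root"; rc=1; }
    not_expiring "$1" "$days" || { echo "FAIL: certificate expires within $days days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: files are consistent"
    return "$rc"
}

# Run the check when the script is called with file arguments.
if [ "$#" -ge 3 ]; then
    preimport_check "$@"
fi
```

Run it with the paths of your own certificate, chain and key files, in that order; the optional fifth argument is only needed when the root is not in the system trust store, such as with a test CA.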
Conclusion
The Certificate Service saves a Network Administrator a lot of time and makes daily tasks simpler. At the time of writing this blog, OCI does not have a Public Certificate Service, and the recommendation is to import a valid certificate into the Service and use that certificate to protect your public-facing web applications.
