Saturday, December 08, 2018

How To Migrate Existing Https Certificate to Oracle OCI Loadbalancer


  Sometimes when we do migration of our production services with https cerfiicates. We don't wanna a new domain for the service. So we  need to move our https certificates  to a new OCI load balancer environment.   So we can keep the same https certificates for our services


  Refer Oracle OCI  official doc , we need below 4 information from existing https certificates before we can proceed

  • First 2 items:  Certificate and Certificate Authority Certificate (CA certificate):  Both are public, anyone can access them. There is certificate chain for these 2 items to bind CA  for public security.  We can easily get via openssl command. ie
openssl s_client -showcerts -servername -connect

  • Private Key:  When we got (bought) this certificate from CA Authority (in our case DigiCert ),  we will be provided a private key to decrypt data from client. We need it to be put into OCI load balancer , so load balancer can decrypt incoming encrypted data
  • Passphase : To make it safer, when the original creator submit the certificate request,there is passphase to attach to the certifcate. It will be confirmed on the OCI load balancer side before it can use the key-pair to exchange information. 

PASSPHASE:  original creator will have it

Once it is added, we can apply it on OCI load balancer services

No comments: