Renewing a Certificate for a Roving Edge Infrastructure Device Node while Disconnected

Describes how to renew an existing certificate for a device node while disconnected from the Oracle Cloud Infrastructure Cloud.

Renew the certificate for a device node if you want to extend its validity time, but do not want to change any of its details, such as the key algorithm. If you do want to change the details of the certificate, you must create a new one instead of renewing the existing certificate. See Creating a certificate while disconnected.

Using the Device Console and OCI Cloud Console

  1. Access the Device Console for the device node for which you are creating the certificate.
  2. Open the navigation menu and click Node Management > Certificates. The Certificates page appears. Each Roving Edge Infrastructure device node's certificate is listed with its certificate details.
  3. Click Create Certificate Signing Requests. You can also click Create Certificate Signing Request under the Action menu (three dots to the right of the node). The Create Certificate Signing Request dialog box appears.
  4. Select a Key Algorithm from the list to be used for the certificate signing request.
  5. Click Submit. The Device Console displays a message confirming that the certificate signing request for the device node has been successfully submitted.
  6. Monitor the status of your certificate signing request by performing the following steps:
    1. Click Certificate Actions under Node Management on the left side of the page to see the state of the request. The Certificate Actions page appears. The status of the certificate signing request is listed in tabular format. The page displays the last stage completed in the certificate signing request submission process.

    2. Click View under the Actions menu at the right of the certificate signing request entry to display the View Certificate Action dialog box. This dialog box displays a variety of information regarding the certificate request.

    3. If your attempt to create a certificate fails for a particular device node, you can select Retry under the Action menu (three dots to the right of the node).

  7. Click Certificate under Node Management to return to the Certificate page.
  8. Click View Certificate Signing Request under the Action menu (three dots to the right of the node). The View Certificate Signing Request dialog box appears.
  9. Download the certificate PEM file or copy and paste the certificate PEM contents into a file. Transfer this file to a computer that has access to the Oracle Cloud Infrastructure Cloud.
  10. Access the Oracle Cloud Infrastructure Cloud Console and open the navigation menu. Under Hybrid Cloud, go to Roving Edge Infrastructure > Nodes. The Nodes page appears.
  11. Click the device node for which you want to create a certificate. The device node's Details page appears.
  12. Click the Certificate Information tab to view details on the device node's existing certificate. You can return to this tab later after you generate the new certificate to view the updated details.
  13. Select Renew Certificate from the More Actions menu. The Renew Certificate dialog box appears.
  14. Upload the certificate PEM file (.csr or .pem) from your connected computer, or copy and paste the certificate PEM contents into the Certificate Signing Request box.
  15. Click Not Valid After. The date and time calendar appears. Select the date and UTC time that you want as the expiration date for the certificate, and then click Submit. The date and time you specify cannot exceed the maximum validity period of the certificate authority that is used for the certificate.
  16. Click Renew Certificate. The Details page displays a message indicating that a renewed certificate has been generated with an associated OCID on the Oracle Cloud Infrastructure Cloud. The contents of the Certificate Information tab are also updated to reflect the renewed certificate.
  17. Click View Certificate Content. The View Certificate Content dialog box appears.
  18. Copy or download the certificate PEM file or contents to the computer that has connected access to the Roving Edge Infrastructure environment.
  19. Click View CA Bundle Content from the More Actions menu. The View CA Bundle Content dialog box appears.
  20. Copy or download the CA bundle file or contents to the computer that has network connectivity to the Roving Edge Infrastructure device.

    You can also use the CLI to perform the following tasks:

    • Renewing a certificate for a Roving Edge Infrastructure device node. Run the following CLI command and parameters:

      oci rover node certificate update --csr certificate_signing_request --rover-node-id rover_node_ocid --time-cert-validity-end time_cert_validity_end [OPTIONS]

      certificate_signing_request is the certificate signing request in .PEM format. The maximum size of the request is 10240 characters.

      time_cert_validity_end is the time when the renewed certificate's validity ends. You can express this time in the following formats:

      • UTC with microseconds

      • Timezone with microseconds

    • Viewing a certificate for a Roving Edge Infrastructure device. Run the following CLI command and parameters:

      oci rover node certificate get-leaf-certificate --rover-node-id rover_node_ocid
    • Viewing the CA bundle content of a Roving Edge Infrastructure device node. Run the following CLI command and parameters:

      oci rover node ca-bundle get --rover-node-id rover_node_ocid
  21. Return to the Device Console on the device node for which you are creating the certificate and access the Certificates page.
  22. Select Import under the Action menu (three dots to the right of the node). The Import Certificate dialog box appears.
  23. Upload the certificate file (.pem) from your connected computer, or copy and paste the certificate contents into the Add Certificate box.
  24. Upload the CA bundle file (.pem) from your connected computer, or copy and paste the CA bundle contents into the Add Ca-bundle box.
  25. Click Import. The Certificates page displays a message indicating that your request to import the certificate has been successfully submitted.
  26. Monitor the status of your import by performing the following steps:
    1. Click Certificate Actions under Node Management on the left side of the page to see the state of the import. The Certificate Actions page appears. The status of the import is listed in tabular format. The page displays the last stage completed in the import process.

    2. Click View under the Action menu (three dots at the right of the import entry) to display the View Certificate Action dialog box. This dialog box displays a variety of information regarding the import.

    3. If your attempt to import fails for a particular device node, you can select Retry under the Action menu (three dots to the right of the device node).

The device node's certificate and CA bundle are updated with the new ones you imported. Click View under the Actions menu to display the View Certificates dialog box and inspect the certificate and CA bundle.
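
The following script is an added example, not part of Oracle's documentation. It checks the files gathered in steps 9, 18 and 20 before they are imported in steps 21 to 25: the CSR size limit, that the renewed certificate carries the CSR's public key, that it chains to the CA bundle, and that enough validity remains. It assumes the openssl command is available on the connected computer; the file names, the check_renewal and make_demo functions, and the demo certificates are hypothetical and constructed.

```sh
#!/bin/sh
# Added example: checks to run on the connected computer before carrying the
# renewed certificate and CA bundle back to the disconnected node.
# Usage (file names are assumptions):
#   sh check_renewal.sh node.csr node.pem ca-bundle.pem [min_seconds_left]

# check_renewal CSR LEAF CA_BUNDLE [MIN_SECONDS_LEFT]
# Returns 0 if all checks pass, otherwise a distinct code per failed check.
check_renewal() {
  csr=$1; leaf=$2; bundle=$3; min_left=${4:-86400}
  # 1. PEM is ASCII, so bytes equal characters; the stated CSR limit is 10240.
  [ $(wc -c < "$csr") -le 10240 ] || { echo "CSR exceeds 10240 characters"; return 1; }
  # 2. The leaf must carry the public key of the CSR generated on the node;
  #    otherwise the node holds no matching private key for it.
  csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
  leaf_pub=$(openssl x509 -in "$leaf" -noout -pubkey 2>/dev/null)
  [ -n "$csr_pub" ] && [ "$csr_pub" = "$leaf_pub" ] || { echo "leaf key does not match CSR"; return 2; }
  # 3. The leaf must chain to the CA bundle that is imported alongside it.
  openssl verify -CAfile "$bundle" "$leaf" >/dev/null 2>&1 || { echo "leaf does not verify against CA bundle"; return 3; }
  # 4. The chosen Not Valid After must leave at least MIN_SECONDS_LEFT.
  openssl x509 -in "$leaf" -noout -checkend "$min_left" >/dev/null || { echo "leaf expires too soon"; return 4; }
  echo "ok: $(openssl x509 -in "$leaf" -noout -enddate)"
}

# make_demo DIR: constructed test material (throwaway CA, node CSR, leaf valid
# for 10 days, plus an unrelated CA and CSR for the failure cases).
make_demo() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
    -subj "/CN=Constructed Demo CA" -days 30 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/node.key" -out "$d/node.csr" \
    -subj "/CN=constructed-node" 2>/dev/null
  openssl x509 -req -in "$d/node.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/node.pem" -days 10 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/other.key" -out "$d/other-ca.pem" \
    -subj "/CN=Constructed Unrelated CA" -days 30 2>/dev/null
  openssl req -new -key "$d/other.key" -out "$d/other.csr" -subj "/CN=constructed-node" 2>/dev/null
}

# Run the checks only when file arguments are supplied.
if [ "$#" -eq 3 ] || [ "$#" -eq 4 ]; then check_renewal "$@"; fi
```

A non-zero exit code identifies the failed check: 1 for CSR size, 2 for key mismatch, 3 for chain verification, 4 for remaining validity.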