Renewing a Certificate for a Roving Edge Infrastructure Device Node while Disconnected
Describes how to renew an existing certificate for a device node while disconnected from the Oracle Cloud Infrastructure Cloud.
Renew the certificate for a device node if you want to extend its validity time, but do not want to change any of its details, such as the key algorithm. If you do want to change the details of the certificate, you must create a new one instead of renewing the existing certificate. See Creating a certificate while disconnected.
Using the Device Console and OCI Cloud Console
- Access the Device Console for the device node for which you are creating the certificate.
- Open the navigation menu and select Node Management > Certificates. The Certificates page appears. Each Roving Edge Infrastructure device node's certificate is listed with its certificate details.
- Select Create Certificate Signing Requests. You can also select Create Certificate Signing Request under the Action menu (three dots to the right of the node). The Create Certificate Signing Request dialog box appears.
- Select a Key Algorithm from the list to be used for the certificate signing request.
- Select Submit. The Device Console displays a message confirming that the certificate signing request for the device node has been successfully submitted.
- Monitor the status of your certificate signing request by performing the following steps:
  - Select Certificate Actions under Node Management on the left side of the page to see the state of the request. The Certificate Actions page appears. The status of the certificate signing request is listed in tabular format. The page displays the last stage completed in the certificate signing request submission process.
  - Select View under the Actions menu (three dots) at the right of the certificate signing request entry to display the View Certificate Action dialog box. This dialog box displays a variety of information regarding the certificate request.
  - If your attempt to create a certificate fails for a particular device node, you can select Retry under the Action menu (three dots to the right of the node).
- Select Certificate under Node Management to return to the Certificate page.
- Select View Certificate Signing Request under the Action menu (three dots to the right of the node). The View Certificate Signing Request dialog box appears.
- Download the certificate PEM file or copy and paste the certificate PEM contents into a file. Transfer this file to a computer that has access to the Oracle Cloud Infrastructure Cloud.
- Access the Oracle Cloud Infrastructure Cloud Console and open the navigation menu. Select Hybrid, then select Nodes. The Nodes page is displayed.
- Select the device node for which you want to create a certificate. The device node's Details page appears.
- Select the Certificate Information tab to view details on the device node's existing certificate. You can return to this tab later after you generate the new certificate to view the updated details.
- From the Actions menu at the top of the table, select Renew Certificate. The Renew Certificate dialog box appears.
- Upload the certificate PEM file (.csr or .pem) from your connected computer, or copy and paste the certificate PEM contents into the Certificate Signing Request box.
- Select Not Valid After. The date and time calendar appears. Select the date and UTC time wanted as the expiration date for the certificate, and then select Submit. The date and time you specify cannot exceed the maximum validity period of the certificate authority that is used for the certificate.
- Select Renew Certificate. The Details page displays a message indicating that a renewed certificate has been generated with an associated OCID on the Oracle Cloud Infrastructure Cloud. The contents of the Certificate Information tab are also updated to reflect the renewed certificate.
- Select View Certificate Content. The View Certificate Content dialog box appears.
- Copy or download the certificate PEM file or contents to the computer that has connected access to the Roving Edge Infrastructure environment.
- Select View CA Bundle Content from the More Actions menu. The View CA Bundle Content dialog box appears.
- Copy or download the CA bundle file or contents to the computer that has network connectivity to the Roving Edge Infrastructure device.
You can also use the CLI to perform the following tasks:
  - Renewing a certificate for a Roving Edge Infrastructure device node. Run the following CLI command and parameters:
    oci rover node certificate update --csr certificate_signing_request --rover-node-id rover_node_ocid --time-cert-validity-end time_cert_validity_end [OPTIONS]
    certificate_signing_request is the certificate signing request in .PEM format. The maximum size of the request is 10240 characters.
    time_cert_validity_end is the time when the renewed certificate's validity ends. You can express this time in the following formats:
    - UTC with microseconds
    - Timezone with microseconds
  - Viewing a certificate for a Roving Edge Infrastructure device. Run the following CLI command and parameters:
    oci rover node certificate get-leaf-certificate --rover-node-id rover_node_ocid
  - View the CA bundle content of a Roving Edge Infrastructure device. Run the following CLI command and parameters:
    oci rover node ca-bundle get --rover-node-id rover_node_ocid
- Return to the Device Console on the device node for which you are creating the certificate and access the Certificates page.
- Select Import under the Action menu (three dots to the right of the node). The Import Certificate dialog box appears.
- Upload the certificate file (.pem) from your connected computer, or copy and paste the certificate contents into the Add Certificate box.
- Upload the CA bundle file (.pem) from your connected computer, or copy and paste the CA bundle contents into the Add Ca-bundle box.
- Select Import. The Certificates page displays a message indicating that your request to import the certificate has been successfully submitted.
- Monitor the status of your import by performing the following steps:
  - Select Certificate Actions under Node Management on the left side of the page to see the state of the import. The Certificate Actions page appears. The status of the import is listed in tabular format. The page displays the last stage completed in the import process.
  - Select View under the Action menu (three dots at the right of the import entry) to display the View Certificate Action dialog box. This dialog box displays a variety of information regarding the import.
  - If your attempt to import fails for a particular device node, you can select Retry under the Action menu (three dots to the right of the device node).
The device node's certificate and CA bundle are updated with the new ones you imported. Select View under the Actions menu to display the View Certificates dialog box and inspect the certificate and CA bundle.
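A pre-import check for the files carried between the two consoles, added here as an example and not part of Oracle's documentation or tooling: it confirms that the renewed certificate downloaded from the Cloud Console carries the same public key as the certificate signing request generated on the device node, and that the request stays within the 10240-character limit stated above. The function names and the file names in the usage comment are assumptions; only the Python standard library is used.

```python
import base64, hashlib, re, sys

MAX_CSR_CHARS = 10240  # request size limit stated on this page
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def pem_to_der(pem_text, labels):
    """Decode the first PEM block, requiring one of the expected labels."""
    m = PEM_RE.search(pem_text)
    if not m or m.group(1) not in labels:
        raise ValueError("expected PEM block labelled: " + " / ".join(labels))
    return base64.b64decode("".join(m.group(2).split()), validate=True)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_sha256(der, is_csr):
    """SHA-256 of the SubjectPublicKeyInfo element in a CSR or certificate."""
    _, start, _ = read_tlv(der, 0)        # outer SEQUENCE
    _, pos, end = read_tlv(der, start)    # CertificationRequestInfo / TBSCertificate
    elems = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        elems.append((tag, pos, nxt))
        pos = nxt
    # CSR: version, subject, SPKI. Certificate: [0] version (optional), serial,
    # signature algorithm, issuer, validity, subject, SPKI.
    idx = 2 if is_csr else (6 if elems[0][0] == 0xA0 else 5)
    tag, s, e = elems[idx]
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found where expected")
    return hashlib.sha256(der[s:e]).hexdigest()

def renewed_cert_matches_csr(csr_pem, cert_pem):
    """True when the renewed certificate carries the public key from the CSR."""
    if len(csr_pem) > MAX_CSR_CHARS:
        raise ValueError("CSR exceeds %d characters" % MAX_CSR_CHARS)
    csr = pem_to_der(csr_pem, ("CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"))
    cert = pem_to_der(cert_pem, ("CERTIFICATE",))
    return spki_sha256(csr, True) == spki_sha256(cert, False)

if __name__ == "__main__":  # usage: python check_renewal.py node.csr renewed.pem
    csr_text, cert_text = (open(p).read() for p in sys.argv[1:3])
    print("match" if renewed_cert_matches_csr(csr_text, cert_text) else "MISMATCH")
```

A mismatch means the certificate file does not belong to the request generated on this device node, for example because files for several nodes were mixed up during transfer.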