Saturday, December 08, 2018

How To Migrate an Existing HTTPS Certificate to an Oracle OCI Load Balancer

Requirement:

  Sometimes we migrate production services that use HTTPS certificates, and we don't want a new domain for the service. So we need to move our HTTPS certificates to the new OCI load balancer environment, so that we can keep the same HTTPS certificates for our services.

Solution:

  According to the official Oracle OCI doc, we need the 4 pieces of information below from the existing HTTPS certificate before we can proceed:

  • First 2 items: Certificate and Certificate Authority certificate (CA certificate): Both are public; anyone can access them. The two form a certificate chain that binds our certificate to the CA so that the public can trust it. We can easily get them with the openssl command, which prints the certificates the server presents, e.g.
      openssl s_client -showcerts -servername www.oracle.com -connect www.oracle.com:443

  • Private Key: When we got (bought) this certificate from the CA (in our case DigiCert), we were provided a private key to decrypt data from clients. We need to put it into the OCI load balancer so that the load balancer can decrypt incoming encrypted data.
  • Passphrase: To make it safer, when the original creator submitted the certificate request, a passphrase was attached to the certificate. It will be confirmed on the OCI load balancer side before it can use the key pair to exchange information.



PASSPHRASE: the original creator will have it

Once it is added, we can apply it to the OCI load balancer services.
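
Before uploading, it is worth confirming that the passphrase opens the private key, that the key belongs to the certificate, and that the certificate chains to the CA certificate. The script below is an added example, not part of the original post; the KEY_PASS variable, the file names and the throwaway self-signed certificate it generates are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-upload checks on the four items listed above.
# The passphrase is read from the KEY_PASS environment variable (an assumed
# name) so that it never shows up in the process list.

# check_bundle CERT CA_CERT KEY
# exit status: 0 usable, 1 key unreadable (wrong passphrase), 2 key does not
# belong to CERT, 3 CERT does not chain to CA_CERT
check_bundle() (
  key_pub=$(openssl pkey -in "$3" -passin env:KEY_PASS -pubout 2>/dev/null) || exit 1
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
  # Same public key in both files means the key pair matches.
  [ "$key_pub" = "$cert_pub" ] || exit 2
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || exit 3
)

# Constructed sample data: a throwaway self-signed certificate with an
# encrypted key stands in for the real one (so it is its own CA certificate),
# plus an unrelated key to show a mismatch.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=example.test" \
    -passout env:KEY_PASS -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other.pem" 2>/dev/null
}

sample_dir=$(mktemp -d)
KEY_PASS='constructed-sample-passphrase'; export KEY_PASS
make_sample "$sample_dir"

rc=0
check_bundle "$sample_dir/cert.pem" "$sample_dir/cert.pem" "$sample_dir/key.pem" || rc=$?
echo "matching key and passphrase -> exit $rc"

rc=0
check_bundle "$sample_dir/cert.pem" "$sample_dir/cert.pem" "$sample_dir/other.pem" || rc=$?
echo "unrelated private key       -> exit $rc"

rm -rf "$sample_dir"
```

With real files, export the passphrase as KEY_PASS and call check_bundle with the certificate, the CA certificate file and the private key; any non-zero exit status means the bundle should not be uploaded as is.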
