Certificate choices for OCI Load Balancer

Matt MulvaneyMatt Mulvaney
2 min read

I’ve tried to simplify this section, because it can get complicated.

I also provide a table of where to upload the certificates as I really needed one and I couldn’t find any - so I created my own.

Certificate Choices

Your choices are

  • Get Let’s Encrypt Free Certificates 3 month Certificates

    • I may blog this step later, otherwise, I recommend you find a guide as its not so easy to describe here - here is an excellent guide for generating them through certbot. Be aware you need a Domain Registrar setup before starting

      • If you have an Nginx Proxy Manager setup, these certificates auto-renew, so you can technically leech them from there - either way, you have to renew them and auto upload to your Load Balancer 3 monthly

  • Get Cloudflare 15 year Certificates by using the steps below

    • Locate or generate your Cloudflare Origin Certificates by clicking SSL/TLS > Origin Server > Create Certificate in your Cloudflare Dashboard

  • Other paid certificate - there any many suppliers

Load Balancer Certificate Assignment

CertificateCA BundlePrivate Key
Cloudflarecert.pemCloudflare Origin RSA PEMpriv.pem
Let’s Encrypt (as generated using certbot)cert.pemISGR Root X1 (or alternatively use fullchain.pem)privkey.pem
Other PaidRefer to supplierRefer to supplierRefer to supplier

Important: If you are configuring ORDS as a backend to your Load Balancer, the optional CA Bundle is not optional and is a requirement regardless of certificate choice.

Important: If you have your Cloudflare SSL/TLS > Custom SSL/TLS > Full then Cloudflare Certs will only be accepted.

ENJOY

What’s the picture its Wetherby Bridge, a scheduled monument and Grade II-listed bridge over the River Wharfe in Wetherby, West Yorkshire, dating from the 13th century. Visit Yorkshire!

2
Subscribe to my newsletter

Read articles from Matt Mulvaney directly inside your inbox. Subscribe to the newsletter, and don't miss out.

OCILoad BalancingCertificatesSSLSSL Certificatecloudflare

Written by

Matt Mulvaney
Matt Mulvaney

With around 20 years on the job, Matt is one of the most experienced software developers at Pretius. He likes meeting new people, traveling to conferences, and working on different projects. He’s also a big sports fan (regularly watches Leeds United, Formula 1, and boxing), and not just as a spectator – he often starts his days on a mountain bike, to tune his mind.