A managed public key infrastructure (PKI) service on Oracle Cloud Infrastructure that handles the full TLS/SSL certificate lifecycle — import, issuance, renewal, and revocation. Supports imported certificates (bring your own from any public CA) and OCI-issued certificates signed by a private Certificate Authority you manage within the service. Integrates directly with OCI Load Balancer and OCI API Gateway for automatic certificate distribution and renewal without touching instance configuration. Supports root CA and subordinate CA hierarchies for enterprise PKI deployments. The AWS equivalent is AWS Certificate Manager (ACM); the Azure equivalent is Azure Key Vault Certificates; the GCP equivalent is GCP Certificate Manager.
A platform engineering team uses OCI Certificates to manage all TLS certificates across their production environment. Public-facing load balancers use imported certificates from a public CA, renewed automatically through OCI Certificates so no engineer ever needs to manually upload a certificate file again. Internal microservices communicate over mTLS using certificates issued by an OCI private CA, with private keys protected by OCI Vault (HSM-backed), satisfying their SOC 2 encryption-in-transit requirement.
These services provide managed PKI solutions for handling TLS/SSL certificates, including lifecycle management and integration with cloud services.