Task 3: Create a Master Encryption Key
Step 1: Access the OCI Vault
Log in to the OCI Console.
Navigate to Identity & Security > Vault.
Select the root compartment.
Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Master Encryption Key
In the PBI_Vault_SP vault details page, under Resources, click Keys.
Click Create Key.
Enter the following details:
Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-MEK-0199008677labuser01).
Key Shape: Select RSA with 4096 bits.
Protection Mode: Select HSM (Hardware Security Module) if available, or Software if HSM is not required (based on vault capabilities).
Compartment: Ensure it’s set to the root compartment (where PBI_Vault_SP resides).
Leave other settings (e.g., key usage) as default unless specified.
Click Create Key and wait for the key to be generated.
Step 3: Retrieve and Enter the OCID
After the key is created, go to the Keys section under PBI_Vault_SP.
Click on the key named PBT-CERT-MEK-01<username> (e.g., PBT-CERT-MEK-0199008677labuser01).
Copy the OCID (a long string starting with ocid1.key., unique to your tenancy) from the key details page.
Enter the copied OCID exactly as it appears into the provided text box.
Task 4: Create a Certificate Authority (CA)
Create a certificate authority, where:
CA name: PBT-CERT-CA-01-<username>
For example, if your username is 99008677-lab.user01, then the certificate authority name should be PBT-CERT-CA-0199008677labuser01.
Ensure you eliminate special characters from the user name.
Common name: PBT-CERT-OCICA-01
Master Encryption Key: PBT-CERT-MEK-01 (created in the previous task)
Answer: See the solution below in Explanation.
Task 4: Create a Certificate Authority (CA)
Step 1: Access the OCI Vault
Log in to the OCI Console.
Navigate to Identity & Security > Vault.
Select the root compartment.
Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Certificate Authority
In the PBI_Vault_SP vault details page, under Resources, click Certificate Authorities.
Click Create Certificate Authority.
Enter the following details:
Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-CA-0199008677labuser01).
Common Name: Enter PBT-CERT-OCICA-01.
Master Encryption Key: Select the PBT-CERT-MEK-01<username> key created in Task 3 (e.g., PBT-CERT-MEK-0199008677labuser01).
Subject: Leave as default or adjust (e.g., Organization, Country) if required by your setup.
Validity Period: Set as needed (e.g., 10 years), or use the default.
Compartment: Ensure it’s set to the root compartment.
Click Create Certificate Authority and wait for the CA to be provisioned.
Step 3: Verify the Certificate Authority
After creation, go to the Certificate Authorities section under PBI_Vault_SP.
Confirm the CA PBT-CERT-CA-01<username> (e.g., PBT-CERT-CA-0199008677labuser01) is listed and its status is active.
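The naming rule in Tasks 3 and 4 and the OCID copy in Task 3, Step 3 can be checked before anything is typed into the console or the answer box. The following is an added example, not part of the lab material: the function names are hypothetical, the sample OCID is constructed, and the field layout is the general OCID format (ocid1, resource type, realm, optional region, optional reserved field, unique ID).

```python
import re

KEY_PREFIX = "PBT-CERT-MEK-01"  # Task 3 key name prefix
CA_PREFIX = "PBT-CERT-CA-01"    # Task 4 prefix, as written in the worked examples


def sanitize_username(username: str) -> str:
    """Drop every character that is not a letter or digit (such as '-' and '.')."""
    cleaned = re.sub(r"[^A-Za-z0-9]", "", username)
    if not cleaned:
        raise ValueError("username has no alphanumeric characters")
    return cleaned


def lab_names(username: str) -> dict:
    """Build the key and CA names the lab expects for one username."""
    user = sanitize_username(username)
    return {"key": KEY_PREFIX + user, "ca": CA_PREFIX + user}


def parse_ocid(text: str, expected_type: str = "key") -> dict:
    """Split a pasted OCID into fields and confirm it names the expected resource.

    Layout: ocid1.<resource type>.<realm>.[region][.future use].<unique id>
    """
    ocid = text.strip()  # leading/trailing blanks are a harmless copy artifact
    if re.search(r"\s", ocid):
        raise ValueError("OCID contains whitespace; it was split when copied")
    parts = ocid.split(".")
    if parts[0] != "ocid1" or len(parts) not in (5, 6):
        raise ValueError("not an OCID: expected 'ocid1' plus 4 or 5 more fields")
    if parts[1] != expected_type:
        # Typical slip: copying the vault's OCID instead of the key's.
        raise ValueError(f"OCID is for a '{parts[1]}', not a '{expected_type}'")
    if not parts[2] or not parts[-1]:
        raise ValueError("realm and unique id must not be empty")
    return {"type": parts[1], "realm": parts[2],
            "region": parts[3], "unique_id": parts[-1]}


if __name__ == "__main__":
    print(lab_names("99008677-lab.user01"))
    # Constructed sample value, not a real key OCID.
    print(parse_ocid(" ocid1.key.oc1.iad.exampleprefix.exampleuniqueid\n"))
```
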