Blog post 30 Nov, 2020

Automated certificate issuing for containers or microservices

Authentication between containers or microservices can be achieved using mutual TLS and thus X.509 certificates need to be issued and provisioned to each container. Keeping in mind that the nature of DevOps is such that containers should have the possibility to deploy at scale and that the containers are created and destroyed at any time, what does this mean for the certificate issuance and provisioning? Can this process also be integrated and automated within the DevOps environment and at the same time stay secure and controlled?

When using Kubernetes to manage containers, the certificate provisioning can be automated. One way to do this is to use the cert-manager plug-in to Kubernetes that lets Kubernetes containers get TLS server certificates automatically using the ACME protocol.

Read more about how to leverage PrimeKey EJBCA to implement an automated, trusted and secure process for issuing certificates to Kubernetes services using cert-manager:

Issuing certificates to Kubernetes Services using cert-manager