Try EJBCA PKI with cert-manager to issue your X.509 certificates for all your Kubernetes and OpenShift workloads.
cert-manager is an open-source tool that can automate TLS/mTLS certificate management within a Kubernetes cluster. It integrates directly with Kubernetes workloads and can be used with various PKIs.
EJBCA is a smart option to use alongside cert-manager as the Certificate Authority/PKI source for your Kubernetes clusters. It provides a secure and scalable way to issue certificates that can adapt to your evolving requirements. Whether you need TLS certificates for your Ingress infrastructure or ephemeral certificates for various workloads, EJBCA has got you covered. You can start small and expand as your certificate needs grow over time.
This tutorial will walk you through the steps to deploy the EJBCA cert-manager external issuer with cert-manager. You will then learn how to create a role in EJBCA for the cert-manager external issuer. Finally, you will see just how effortless it is to issue certificates from EJBCA Public Key Infrastructure (PKI) using cert-manager.
Check out the supplementary documentation that goes hand-in-hand with our tutorial video.
Download EJBCA and EJBCA cert-manager issuer from Docker Hub here:
Take a peek at our tutorial videos on YouTube, and browse through some of our other tutorial videos as well.
You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.