1. Home
  2. /
  3. Certificate management in Kubernetes with cert-manager and EJBCA

Certificate management in Kubernetes with cert-manager and EJBCA

Try EJBCA PKI with cert-manager to issue your X.509 certificates for all your Kubernetes and OpenShift workloads.

hero-sub-2
Cert manager logo big

cert-manager integrates directly with Kubernetes workloads 

cert-manager is an open-source tool that can automate TLS/mTLS certificate management within a Kubernetes cluster. It integrates directly with Kubernetes workloads and can be used with various PKIs.

EJBCA is a smart option to use alongside cert-manager as the Certificate Authority/PKI source for your Kubernetes clusters. It provides a secure and scalable way to issue certificates that can adapt to your evolving requirements. Whether you need TLS certificates for your Ingress infrastructure or ephemeral certificates for various workloads, EJBCA has got you covered. You can start small and expand as your certificate needs grow over time.

How to get started

This tutorial will walk you through the steps to deploy the EJBCA cert-manager external issuer with cert-manager. You will then learn how to create a role in EJBCA for the cert-manager external issuer. Finally, you will see just how effortless it is to issue certificates from EJBCA Public Key Infrastructure (PKI) using cert-manager.

Here are the steps:

  • Create keys and certificate signing request (CSRs) to request certs from EJBCA for the EJBCA cert-manager external issuer​
  • Configure EJBCA for the EJBCA cert-manager external issuer​
  • Issue the RA certificate for the EJBCA cert-manager external issuer
  • Configure the EJBCA external issuer to issue certificates from EJBCA​
  • Demonstrate how to issue certificates

Prerequisites:

Documentation

Tutorials/documentation

Documentation

Check out the supplementary documentation that goes hand-in-hand with our tutorial video.

Docker Hub

Download EJBCA and EJBCA cert-manager issuer from Docker Hub here:

YouTube

Take a peek at our tutorial videos on YouTube, and browse through some of our other tutorial videos as well.

Discuss

You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.

Related open-source projects