1. Home
  2. /
  3. Certificate management in Kubernetes with cert-manager and EJBCA

Certificate management in Kubernetes with cert-manager and EJBCA

Try EJBCA PKI with cert-manager to issue your X.509 certificates for all your Kubernetes and OpenShift workloads.

hero-sub-2
Cert manager logo big

cert-manager integrates directly with Kubernetes workloads 

cert-manager is an open-source tool that can automate TLS/mTLS certificate management within a Kubernetes cluster. It integrates directly with Kubernetes workloads and can be used with various PKIs.

EJBCA is a smart option to use alongside cert-manager as the Certificate Authority/PKI source for your Kubernetes clusters. It provides a secure and scalable way to issue certificates that can adapt to your evolving requirements. Whether you need TLS certificates for your Ingress infrastructure or ephemeral certificates for various workloads, EJBCA has got you covered. You can start small and expand as your certificate needs grow over time.

How to get started

This tutorial will walk you through the steps to deploy the EJBCA cert-manager external issuer with cert-manager. You will then learn how to create a role in EJBCA for the cert-manager external issuer. Finally, you will see just how effortless it is to issue certificates from EJBCA Public Key Infrastructure (PKI) using cert-manager.

Here are the steps:

  • Create keys and certificate signing request (CSRs) to request certs from EJBCA for the EJBCA cert-manager external issuer​
  • Configure EJBCA for the EJBCA cert-manager external issuer​
  • Issue the RA certificate for the EJBCA cert-manager external issuer
  • Configure the EJBCA external issuer to issue certificates from EJBCA​
  • Demonstrate how to issue certificates

Prerequisites:

Documentation

Tutorials/documentation

Documentation

Check out the supplementary documentation that goes hand-in-hand with our tutorial video.

Documentation

Docker Hub

Download EJBCA and EJBCA cert-manager issuer from Docker Hub here:

EJBCA container EJBCA cert-manager issuer

YouTube

Take a peek at our tutorial videos on YouTube, and browse through some of our other tutorial videos as well.

EJBCA in Kubernetes EJBCA and cert-manager

Discuss

You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.

Engage with us on GitHub

Related open-source projects

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey Solutions AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Check to consent to the use of Necessary cookies
Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Check to consent to the use of Functional cookies
Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

Check to consent to the use of Cookies for statistics
For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

Check to consent to the use of Cookies for ad-tracking
To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

Check to consent to the use of Ad measurement user cookies
In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

Check to consent to the use of Personalized ads cookies
To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data
Close