EJBCA issues and manages the certificates Istio needs for mTLS, ensuring secure communication in service meshes.
Securing communication between services in Kubernetes typically involves using Istio or another service mesh, which supports built-in mutual TLS (mTLS) and integrates with external PKIs.
EJBCA and cert-manager can be set up to issue certificates for Istio's mTLS authentication, ensuring secure and scalable certificate management. With EJBCA, you can begin with a small setup, without using insecure self-signed certificates. As your certificate requirements evolve, you can easily expand and adapt to meet your changing needs.
Follow this tutorial to learn how to issue mTLS certificates with EJBCA and cert-manager for your Istio service mesh. Here are the steps:
Before you begin, you need:
Check out the supplementary documentation that goes hand-in-hand with our tutorial video.
Get your hands on the EJBCA Docker container by downloading it now from Docker Hub.
Get your hands on the EJBCA Helm chart from GitHub.
Take a peek at our YouTube playlist, and browse through some of our other tutorial videos as well.
You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.
EJBCA CSR Signer is an alternative to cert-manager for issuing service mesh certs with EJBCA.