1. Home
  2. /
  3. Use cases
  4. /
  5. Issue certs for DevOps

Issue certs for DevOps

In a containerized environment, certificates and mTLS play a critical role in securing your infrastructure. Our guides take you through the step-by-step process of implementing TLS certificates to meet your security needs, leveraging CertManager, Istio, and CSR API as vital security tools.

hero-sub-2

Challenge

Both short-lived and longer-lived certificates are required to balance security

Certificates and mTLS are critical for securing communication in a containerized environment. They help ensure that the communication is secure, authenticated, and compliant. In addition, in many cases, both short-lived and longer-lived certificates are required to balance the security and operational needs of the infrastructure.

Short-lived certificates ensure that workload-to-workload communication between containers, or microservices within a cluster, is secure. These certificates are designed to be renewed frequently, every few minutes, hours, or days. Longer-lived certificates typically provide trust and authentication between infrastructure components, such as load balancers, API gateways, or Kubernetes controllers.

A well-designed PKI system should be able to handle both types of certificates and manage their lifecycle efficiently.

arrow

Solution

Consistency across the containerized application environment

EJBCA PKI supports CertManager and securing service meshes via Istio and generic TLS, providing engineers with tools to secure their containerized applications. Today, you can try:

  • Automated issuance of TLS certificates for Kubernetes applications with CertManager and EJBCA PKI (soon available)
  • Issuing certificates from EJBCA for Istio's mutual mTLS
  • Certificates for TLS and mTLS, manually or via REST

EJBCA centralizes certificate management, providing a single point of control for issuance, revocation, and renewal. This consistency and security extends across the entire containerized application environment, reducing the risk of security incidents and data breaches.

Tutorials

EJBCA logo website
REST
2023-06-18

Automated certificate issuing via EJBCA REST

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
PYTHON / POSTMAN
EJBCA logo website
DevOps
2023-05-11

Issue certs to Istio service mesh

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
ISTIO
DevOps
IoT
TLS & mTLS
2023-02-06

Client TLS certificates for mTLS, manual issuance

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
mTLS
EJBCA logo website
DevOps
IoT
TLS & mTLS
2023-02-06

Server TLS certificates, manual issuance

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
mTLS

Get inspired

Stay up to date with the latest news and blog articles, and find out about upcoming events related to EJBCA.

Bouncy Castle
Implementing Cryptography
Post-Quantum Cryptography
Release
Ejbca
Signserver
22 November, 2023

Advancing Quantum-Ready Security: PQC FIPS standards, interoperability, and API enhancements in BC 1.77

Updates to PQC FIPS standards and interoperability testing Updating PQC FIPS...
EJBCA inläggsbild
DevOps
Implementing Cryptography
Industrial Cybersecurity & IoT
Installation & Deployment
Post-Quantum Cryptography
Signing
Tech Update
Ejbca
16 November, 2023

Learn how to upgrade your EJBCA Docker container to the latest version

Exciting news! Check out our brand-new Tutorial page and video designed to ma...
Community_Tech_Meetup_Prof1
DevOps
Implementing Cryptography
Industrial Cybersecurity & IoT
Installation & Deployment
Post-Quantum Cryptography
Signing
Blog
Ejbca
Signserver
20 September, 2023

Unveiling the highlights of the Keyfactor Community Tech Meetup 2023

What a remarkable day it was at the Keyfactor Community Tech Meetup 2023, on...

Related open-source projects