1. Home
  2. /
  3. Use cases
  4. /
  5. Issue certificates for Container environments

Issue certificates for Container environments

In a containerized environment, certificates and mTLS are critical in securing your infrastructure. Our guides take you through the step-by-step process of implementing a trusted certificate-issuing process to meet your security needs, leveraging cert-manager, Istio, HashiCorpVault, and CSR API as vital security tools.

hero-sub-2

Challenge

Both short-lived and longer-lived certificates are required to balance security

Certificates and mTLS are critical for securing communication in a containerized environment. They help ensure that the communication is secure, authenticated, and compliant. In addition, in many cases, both short-lived (ephemeral) and longer-lived certificates are required to balance the security and operational needs of the infrastructure.

Ephemeral certificates ensure that workload-to-workload communication between containers or microservices within a cluster is secure. These certificates are designed to be renewed frequently, every few minutes, hours, or days. Longer-lived certificates typically provide trust and authentication between infrastructure components, such as load balancers, API gateways, or Kubernetes controllers.

A well-designed PKI system should be able to handle both types of certificates and manage their lifecycle efficiently.

arrow

Solution

Consistency across the containerized application environment

EJBCA PKI supports cert-manager and securing service meshes via Istio and generic TLS, providing engineers with tools to secure their containerized applications. Today, you can try:

  • Automated issuance of certificates for Kubernetes applications with cert-manager and EJBCA PKI
  • Use EJBCA PKI with HashiCorp Vault
  • Issuing certificates from EJBCA for Istio's mutual mTLS
  • SPIFFE/SPIRE workload identities with EJBCA PKI
  • Certificates for TLS and mTLS, manually or via REST

EJBCA centralizes certificate management, providing a single control point for issuance, revocation, and renewal. This consistency and security extends across the entire containerized application environment, reducing the risk of security incidents and data breaches.

Tutorials

spiffe-spire-horizontal-white-text
DevOps
2025-03-21

EJBCA PKI as the UpstreamAuthority in SPIRE

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
SPIFFE/SPIRE
EJBCA logo website
DevOps
2023-05-11

Issue certs to your Istio service mesh

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
ISTIO
DevOps
IoT
TLS & mTLS
2023-02-06

Client TLS certificates for mTLS, manual issuance

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
mTLS
EJBCA logo website
DevOps
IoT
TLS & mTLS
2023-02-06

Server TLS certificates, manual issuance

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
mTLS
EJBCA logo website
DevOps
Get started
TLS & mTLS
2023-05-11

Certificate management in Kubernetes with cert-manager and EJBCA

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
CERT MANAGER
EJBCA logo website
DevOps
Get started
2024-01-18

Use EJBCA PKI with HashiCorp Vault

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
EJBCA

Get inspired

Stay up to date with the latest news and blog articles, and find out about upcoming events related to EJBCA.

PKI hierarchies - 1, 2, 3 tiers ?
Post-Quantum Cryptography
Tech Update
Ejbca
Signserver
8 April, 2025

#KEYMASTER: When Are You PQC Ready?

The journey to post-quantum cryptography (PQC) readiness is more than just ad...
Read more
Keyfactor Release
Implementing Cryptography
Installation & Deployment
Post-Quantum Cryptography
Release
Ejbca
Signserver
31 March, 2025

EJBCA 9.1 Community is Here!

EJBCA 9.1 Community edition brings the latest advancements in PKI and cryptog...
Read more
PKI hierarchies - 1, 2, 3 tiers ?
DevOps
Installation & Deployment
Signing
Tech Update
Ejbca
Signserver
26 March, 2025

#KEYMASTER: Bringing Transparency to Software Supply Chains – A Deep Dive into SLSA

In this #KEYMASTER episode, host Sven Rajala is joined by Fredrik Skogman fro...
Read more

More inspiration

Related open-source projects

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey Solutions AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Check to consent to the use of Necessary cookies
Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Check to consent to the use of Functional cookies
Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

Check to consent to the use of Cookies for statistics
For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

Check to consent to the use of Cookies for ad-tracking
To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

Check to consent to the use of Ad measurement user cookies
In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

Check to consent to the use of Personalized ads cookies
To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data
Close