1. Home
  2. /
  3. Use cases
  4. /
  5. Issue certificates for Container environments

Issue certificates for Container environments

In a containerized environment, certificates and mTLS are critical in securing your infrastructure. Our guides take you through the step-by-step process of implementing a trusted certificate-issuing process to meet your security needs, leveraging cert-manager, Istio, HashiCorpVault, and CSR API as vital security tools.

hero-sub-2

Challenge

Both short-lived and longer-lived certificates are required to balance security

Certificates and mTLS are critical for securing communication in a containerized environment. They help ensure that the communication is secure, authenticated, and compliant. In addition, in many cases, both short-lived (ephemeral) and longer-lived certificates are required to balance the security and operational needs of the infrastructure.

Ephemeral certificates ensure that workload-to-workload communication between containers or microservices within a cluster is secure. These certificates are designed to be renewed frequently, every few minutes, hours, or days. Longer-lived certificates typically provide trust and authentication between infrastructure components, such as load balancers, API gateways, or Kubernetes controllers.

A well-designed PKI system should be able to handle both types of certificates and manage their lifecycle efficiently.

arrow

Solution

Consistency across the containerized application environment

EJBCA PKI supports cert-manager and securing service meshes via Istio and generic TLS, providing engineers with tools to secure their containerized applications. Today, you can try:

  • Automated issuance of certificates for Kubernetes applications with cert-manager and EJBCA PKI
  • Use EJBCA PKI with HashiCorp Vault
  • Issuing certificates from EJBCA for Istio's mutual mTLS
  • Certificates for TLS and mTLS, manually or via REST

EJBCA centralizes certificate management, providing a single control point for issuance, revocation, and renewal. This consistency and security extends across the entire containerized application environment, reducing the risk of security incidents and data breaches.

Tutorials

EJBCA logo website
DevOps
2023-05-11

Issue certs to your Istio service mesh

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
ISTIO
DevOps
IoT
TLS & mTLS
2023-02-06

Client TLS certificates for mTLS, manual issuance

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
mTLS
EJBCA logo website
DevOps
IoT
TLS & mTLS
2023-02-06

Server TLS certificates, manual issuance

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
mTLS
EJBCA logo website
DevOps
Get started
TLS & mTLS
2023-05-11

Certificate management in Kubernetes with cert-manager and EJBCA

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
CERT MANAGER
EJBCA logo website
DevOps
Get started
2024-01-18

Use EJBCA PKI with HashiCorp Vault

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
EJBCA

Get inspired

Stay up to date with the latest news and blog articles, and find out about upcoming events related to EJBCA.

PKI hierarchies - 1, 2, 3 tiers ?
Installation & Deployment
Tech Update
Ejbca
Signserver
8 October, 2024

#KEYMASTERS – What is Bring Your Own Key (BYOK), and why should you use it?

In this KEYMASTER session, Jiannis Papadakis, Director of Solutions Engineeri...
Tony-Chen-at-SOSS-Community-Day-Japan
Post-Quantum Cryptography
Event
3 October, 2024

Join us at SOSS Community Day Japan on October 30

Get quantum ready with Tony Chen He, CISSP, Solution Engineer, Keyfactor, as...
Eric-Mizell-at-SOSS-Fusion-2024
Post-Quantum Cryptography
Event
3 October, 2024

Join us at SOSS Fusion 2024 in Alpharetta, GA on October 23

Start the Quantum Readiness Journey with Hands-on Guidance Join Eric Mizell,...

Related open-source projects