Replies: 2 comments
-
I'm not too sure cert-manager is intended to issue certificates of its own, you may want to another tool that offers CA features which ties into cert-manager, like hashicorp vault |
Beta Was this translation helpful? Give feedback.
0 replies
-
I actually have something like this in my test files, you just need to modify it a bit to add intermediates ---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: ca
spec:
# Secret names are always required.
secretName: ca
duration: 2160h # 90d
renewBefore: 360h # 15d
commonName: ca
isCA: true
keySize: 2048
issuerRef:
name: selfsigned-issuer
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: ca-issuer
spec:
ca:
secretName: ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: client
spec:
secretName: client-cert
duration: 2160h # 90d
renewBefore: 360h # 15d
isCA: false
issuerRef:
name: ca-issuer |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Is your feature request related to a problem? Please describe.
We have out internal PKI. I'd like cert-manager CA to be intermediary CA in the chain. I created tls secret for cert-manager CA in our PKI using "subordinate CA" template with "CA: true" bit set and it is chain of "cert-manager CA" --> "Intermediary CA" --> Root CA. I expected to have full chain of certificates presented in certificates issued by cert-manager CA. But cert-manager issued certificate seems to be self-signed and from "example.com".
Maybe I'm missing somethin but I could not find any configuration examples of such setup anywhere in documentation.
Environment details (remove if not applicable):
/kind feature
Beta Was this translation helpful? Give feedback.
All reactions