Manage Certificates with cert-manager
Learn how to configure cert-manager to manage certificates for the SecureAuth deployment.
SecureAuth requires a certificate to work properly. The SecureAuth configuration provides a default certificate, but it should not be used outside of a development environment. You can either provide and maintain your own certificate, making sure it is rotated periodically, or use a certificate manager to do this for you.
Certificate manager requires a Certificate Authority to sign incoming certificate requests. Although a self-signed CA can be issued by cert-manager itself, it is recommended to use a company-trusted CA to sign other certificates.
To learn more, visit the CA and Self Signed cert-manager documentation.
Prerequisites
Certificate Manager v1.0+
Integrate cert-manager with SecureAuth
By default, the certificate is issued for 90 days and rotated when 30 days remain. It uses a 2048-bit RSA key. You can override any of these settings. For the full list of parameters, see the values reference.
Enable Cert Manager integration with custom parameters:
certManager:
  enabled: true
  commonName: acp
  renewBefore: 360h
  privateKey:
    size: 4096
  extraNames:
    - root
The default issuer name is ca-issuer of type ClusterIssuer. You can change those settings as shown below:
Generate a self-signed issuer:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
Update default issuer:
certManager:
  issuerRef:
    name: selfsigned-issuer
    kind: Issuer
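For the company-trusted CA recommended earlier, a CA-backed ClusterIssuer can carry the default name ca-issuer, so the default issuer settings stated above reference it without an issuerRef override. This is an added example, not taken from the SecureAuth documentation; the Secret name company-ca-key-pair is a placeholder, and the Secret is assumed to exist in cert-manager's cluster resource namespace.

```yaml
# Added example: CA-backed ClusterIssuer using the default issuer name.
# Assumption: the company CA certificate and key were loaded beforehand into a
# TLS Secret (keys tls.crt / tls.key) named company-ca-key-pair (placeholder), e.g.
#   kubectl -n cert-manager create secret tls company-ca-key-pair \
#     --cert=ca.crt --key=ca.key
# A ClusterIssuer reads its Secret from cert-manager's cluster resource
# namespace, which is "cert-manager" unless the controller is configured otherwise.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: ca-issuer                     # default issuer name, type ClusterIssuer
spec:
  ca:
    secretName: company-ca-key-pair   # placeholder Secret name
```

Loading an intermediate CA issued by the company root, rather than the root key itself, limits what a compromise of the cluster Secret exposes.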