Configuring certificates with an issuer - cert-manager Operator for Red Hat OpenShift | Security and compliance | OpenShift Container Platform 4.12

By using the cert-manager Operator for Red Hat OpenShift, you can manage certificates, handling tasks such as renewal and issuance, for workloads within the cluster, as well as components interacting externally to the cluster.

Creating certificates for user workloads

Prerequisites
  • You have access to the cluster with cluster-admin privileges.

  • You have installed the cert-manager Operator for Red Hat OpenShift.

Procedure
  1. Create an issuer. For more information, see "Configuring an issuer" in the "Additional resources" section.

  2. Create a certificate:

    1. Create a YAML file, for example, certificate.yaml, that defines the Certificate object:

      Example certificate.yaml file
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: <tls_cert> # (1)
        namespace: <issuer_namespace> # (2)
      spec:
        isCA: false
        commonName: '<common_name>' # (3)
        secretName: <secret_name> # (4)
        dnsNames:
        - "<domain_name>" # (5)
        issuerRef:
          name: <issuer_name> # (6)
          kind: Issuer
      1 Provide a name for the certificate.
      2 Specify the namespace of the issuer.
      3 Specify the common name (CN).
      4 Specify the name of the secret to create that contains the certificate.
      5 Specify the domain name.
      6 Specify the name of the issuer.
    2. Create the Certificate object by running the following command:

      $ oc create -f certificate.yaml
Verification
  • Verify that the certificate is created and ready to use by running the following command:

    $ oc get certificate -w -n <issuer_namespace>

    Once the certificate is in the Ready status, workloads on your cluster can start using the generated certificate secret.
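
A non-interactive form of this verification, for a script or pipeline where watching with -w is not practical. This is an added example, not part of the Red Hat documentation: the function names are hypothetical, and the three arguments are the <tls_cert>, <issuer_namespace> and <secret_name> values from certificate.yaml. It also confirms that the generated secret carries the tls.crt and tls.key entries that cert-manager writes.

```shell
#!/bin/sh
# Added example: scripted readiness gate for a cert-manager Certificate.
# Function names are hypothetical; oc must already be logged in to the cluster.

# Print the Ready condition as "status|reason|message" (empty if none yet).
cert_ready_condition() {
  oc get certificate "$1" -n "$2" \
    -o jsonpath='{range .status.conditions[?(@.type=="Ready")]}{.status}|{.reason}|{.message}{end}'
}

# Succeed only if the secret holds both entries a TLS workload mounts.
secret_has_tls_keys() {
  crt=$(oc get secret "$1" -n "$2" -o jsonpath='{.data.tls\.crt}') || return 1
  key=$(oc get secret "$1" -n "$2" -o jsonpath='{.data.tls\.key}') || return 1
  [ -n "$crt" ] && [ -n "$key" ]
}

# check_certificate CERT_NAME NAMESPACE SECRET_NAME
# Returns 0 when ready, 1 when not ready, 2 when ready but the secret is incomplete.
check_certificate() {
  cond=$(cert_ready_condition "$1" "$2") || cond=""
  case "$cond" in
    "True|"*) ;;
    *) echo "certificate $1 not ready: ${cond:-no Ready condition yet}" >&2
       return 1 ;;
  esac
  if ! secret_has_tls_keys "$3" "$2"; then
    echo "secret $3 is missing tls.crt or tls.key" >&2
    return 2
  fi
  echo "certificate $1 ready; secret $3 populated"
}

# Run the check when the script is invoked with the three arguments.
if [ "$#" -eq 3 ]; then
  check_certificate "$@"
fi
```

When the certificate is not ready, the message printed to stderr includes the reason and message that cert-manager recorded on the Ready condition, which is usually the quickest pointer to an issuer or validation problem.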

Additional resources