Programmatically create certificates?


Darshan

Jul 16, 2021, 6:08:06 PM
to cert-manager-dev
Hi
I have started using cert-manager for generating self-signed certificates. I was wondering if there is a way we can generate certificates at runtime using any API or programming construct.

Alternatively, I am thinking we can have a template file and, at run time, fill in the YAML file and apply it using kubectl, but programmatic access would be nice. Any thoughts?

Thanks.

Bryan Hunt

Jul 20, 2021, 7:52:26 AM
to cert-manager-dev
It would probably be best if you just worked directly with OpenSSL or with a wrapper (in whatever language you are using) over the OpenSSL API if you are just generating self-signed certs.
Alternatively, communicate with the Kubernetes API server and create the objects (Certificate, Issuer) that you need programmatically and dispense with invoking the kubectl executable (risks of insecure invocation as with any exec call).

Darshan

Jul 20, 2021, 5:08:52 PM
to cert-manager-dev
Thanks Bryan.

We have a root cert (self-signed) for our cluster which is generated by cert-manager. The other certificates that we generate for other clients, we want to get them signed by the root cert; that's why we face the above problem. Since the CN is not known a priori for these clients, we want to be able to create them when needed and not necessarily at the beginning.
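
An added example, not written by anyone in this thread: one way to create a cert-manager `Certificate` for a client whose CN arrives at runtime, by building the object as data and sending it to the Kubernetes API server instead of filling a YAML template and calling kubectl. The issuer name `cluster-ca-issuer`, the `client-` naming scheme and the use of the CN as the single DNS name are assumptions; submitting requires the `kubernetes` Python client and in-cluster credentials.

```python
import re

# One DNS label: lowercase alphanumerics and '-', not starting or ending with '-'.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DNS_NAME = re.compile(rf"{_LABEL}(\.{_LABEL})*")

GROUP, VERSION, PLURAL = "cert-manager.io", "v1", "certificates"


def build_certificate(common_name, namespace, issuer_name="cluster-ca-issuer"):
    """Return a Certificate body for a client CN that is only known at runtime.

    The CN is validated before it is used anywhere, so a value containing
    newlines, quotes or YAML syntax can never reach the object name or spec.
    """
    if len(common_name) > 64 or not _DNS_NAME.fullmatch(common_name):
        raise ValueError(f"rejected common name: {common_name!r}")
    name = f"client-{common_name}"  # assumed naming scheme
    return {
        "apiVersion": f"{GROUP}/{VERSION}",
        "kind": "Certificate",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {
            "secretName": f"{name}-tls",  # Secret that will hold the key pair
            "commonName": common_name,
            "dnsNames": [common_name],
            # Issuer backed by the cluster root CA (name is an assumption).
            "issuerRef": {"name": issuer_name, "kind": "Issuer",
                          "group": GROUP},
        },
    }


def submit_certificate(body):
    """Create the object through the API server (no kubectl, no exec)."""
    # Imported here so build_certificate() works without the client installed.
    from kubernetes import client, config
    config.load_incluster_config()
    return client.CustomObjectsApi().create_namespaced_custom_object(
        GROUP, VERSION, body["metadata"]["namespace"], PLURAL, body)


if __name__ == "__main__":
    import json
    # Constructed sample CN; prints the body that would be submitted.
    print(json.dumps(build_certificate("client-a.example.com", "default"),
                     indent=2))
```

The service account that runs this only needs `create` on `certificates.cert-manager.io` in the target namespace, which keeps the permission narrower than handing the workload a kubectl binary and a broad kubeconfig.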
