Guidance around trust setup

Skip to first unread message

Simon Geard

Nov 20, 2022, 10:51:29 PM11/20/22
to cert-manager-dev
Hi folks... looking for some guidance for my use case, and hoping I've just overlooked an obvious answer.

I'm currently using cert-manager to create PKCS12 key and trust stores for a Java app... that part's working fine. However, I now need to add an additional trust root (the corporate CA) into the trust store, and this is where I find myself a little stuck, since cert-manager itself seems to assume a single trust root (since that's the only bit that matters for a given TLS keypair certificate).

My first reaction to that was that maybe I need the trust-manager project, since aggregating different trust sources seems to exactly what it's there for. But unlike cert-manager, trust-manager doesn't appear to offer any flexibility about the output file format - there's no way that I can see to produce a PKCS12 or JKS trust store.

What's the recommended approach to this?


Reply all
Reply to author
0 new messages