kube-lego icon indicating copy to clipboard operation
kube-lego copied to clipboard
verified publisher icon jetstack

direct cfssl certificate issuance?

Open tmc opened this issue 8 years ago • 2 comments

Direct cfssl issuance might make more sense when you might exceed letsencrypt limits and run an internal CA.

tmc avatar Jun 14 '17 03:06 tmc

This would be a nice feature, however I'm hesitant to add additional auth types, especially when they are so distinct.

If you have issues with rate limits on Letsencrypt and want to run your own CA, it may be worth considering running your own instance of boulder, the ACME server.

munnerz avatar Jul 05 '17 11:07 munnerz

So a quick update, I've been working on cert-manager that should (eventually) allow for this.

It has a pluggable set of issuer backends, so we should be able to support a simple issuer backed by a plain signing certificate/key instead of being tied to ACME. The relevant issue is here: https://github.com/jetstack-experimental/cert-manager/issues/8

It's scheduled to be added in to be present for the 0.0.1 release, so I'd love to hear your feedback once it's there!

munnerz avatar Aug 11 '17 10:08 munnerz