Intermediate CA certificate and key from EJBCA #927
Replies: 2 comments 6 replies
-
|
Not sure I understand your question. Yes EJBCA works off line. Yes you can get CA certificates from it by simple URLs, and yes there is a cert-manager plugin for EJBCA on Keyfactor GitHub. |
Beta Was this translation helpful? Give feedback.
-
|
If you see above , we have Cluster-1 and Cluster-2 .. Assume both clusters run cert-manager service which issues and monitors leaf certificates for various application .. But to create a Issuer/ClusterIssuer in cert-manager , i need to create a secret containing both tls.crt and tls.key ... This tls.crt , tls.key is CA cert and key ... can i get CA cert and key from EJBCA ? |
Beta Was this translation helpful? Give feedback.
-
|
Can i bring up an instance of EJBCA in container or VM in my datacenter ? I want to configure the Cert Managers running in each K8s clusters to connect to this EJBCA running outside the k8s cluster .. How to do this ? |
Beta Was this translation helpful? Give feedback.
-
|
@primetomas i brought up EJBCA in docker container inside VM using below instructions. The version is Version : EJBCA 9.1.1 Community (8207be0e6112067a33b82328d8e15870b5492da7) Now i am trying to integrate Cert-Manager from my k8s cluster with this EJBCA using below instruction. But i see that steps mentioned are not matching with what is available in EJBCA Admin UI. Under Step-1 Configure EJBCA for the cert-manager integration , under point-6 , it says For Authorized CAs, select My PKISubCA-G1 |
Beta Was this translation helpful? Give feedback.
-
|
I think you should run through many of the other tutorials, setting up PKI hierarchies, understanding Root and Issuing CAs and how it fits together. What you describe is because it builds on a previous step setting up a CA hierarchy with a dedicated Root and Issuing CA. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @primetomas , I went through the list of tutorial videos which explains how to create Root CA , Sub CA , token creation , Certificate Profile and End Entity profile etc. Then i started following the steps in https://docs.keyfactor.com/ejbca/latest/tutorial-use-ejbca-with-cert-manager. When i am following steps mentioned under Step-2: Create Key, Certificate Signing Request (CSR), and get the certificate for the RA credential , under Submit the CSR to EJBCA to get the certificate , its mentioned that Select RA-Administrator for the Certificate Type. But i dont find the option of RA-Administrator in drop down. I see 3 options in drop down . One option is EMPTY and other 2 options are EndEntity Profiles i created for Server and Client. I have brought up the EJBCA in a container using docker compose option on a VM. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @primetomas , Could you please help me with above query .? I am stuck on this one. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi All ,
We are setting up a telco cloud using on-prem K8s clusters. Between k8s clusters we want to enable tls/mtls. Each of these k8s cluster have cert-manager running. We want to use cert-managers to issue leaf certificates and manage the life cycle of those certificates for different applications. These leaf certificates must be signed by a CA certificate. So we can set up a Cluster Issuer by providing a k8s secret containing CA certificate and key. Can i get this CA certificate and key from EJBCA ? Lets assume that these k8s clusters may not have internet connection , as these are telco cloud on-prem k8s clusters. I can't configure cert-manager to use EJBCA to get CA certificates automatically .. Can i use this offline method where i can get the CA certificate and key ?
Beta Was this translation helpful? Give feedback.
All reactions