Certificate Management

Create and renew certificates automatically and effortlessly.

Currently, we are unable to offer automation for certificates as our new service provider at the University of Münster has not yet implemented all the necessary features for this purpose. Until then, it is only possible to request server certificates through the IT-Portal and store them manually in a secret in Kubernetes.
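
When certificates are stored by hand, a mismatched private key, a certificate for the wrong host or one that is about to expire is only noticed once a workload serves it. The shell functions below are an added example, not part of the original page or the operators' tooling: they check the files with openssl and then store them with kubectl. The file names in the usage comment are placeholders and the 14-day default threshold is an assumption.

```shell
#!/usr/bin/env bash
# Added example: checks to run on a manually requested server certificate
# before storing it as a kubernetes.io/tls Secret.

# check_tls_pair CERT KEY HOST [MIN_DAYS]
# Returns 0 if usable, 1 key mismatch, 2 host not covered, 3 expires too soon,
# 4 unreadable input. openssl x509 reads only the first certificate in CERT,
# so in a chain file the leaf certificate must come first.
check_tls_pair() {
  local cert="$1" key="$2" host="$3" min_days="${4:-14}"
  local cert_pub key_pub

  # Extract the public key from both files; an unreadable file must fail
  # here instead of letting two empty strings compare as equal.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not belong to certificate" >&2
    return 1
  fi

  # The requested host must be covered by the names in the certificate.
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
    echo "certificate does not cover $host" >&2
    return 2
  fi

  # Refuse certificates that expire within MIN_DAYS days.
  if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "certificate expires within $min_days days" >&2
    return 3
  fi
}

# store_tls_secret CERT KEY HOST NAMESPACE SECRET
# Creates or replaces the Secret only after all checks have passed.
store_tls_secret() {
  check_tls_pair "$1" "$2" "$3" || return $?
  kubectl create secret tls "$5" --cert="$1" --key="$2" --namespace="$4" \
    --dry-run=client -o yaml | kubectl apply -f -
}

# Usage (file names are placeholders):
#   store_tls_secret tls.crt tls.key example.uni-muenster.de example example-certificate
```

Piping the `--dry-run=client` output into `kubectl apply` lets the same call replace the Secret when a renewed certificate is stored later.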

We operate cert-manager in the Kubernetes cluster together with a ClusterIssuer named wwuit-acme, through which certificates can be obtained. These certificates are stored in Secrets and renewed automatically.

Only hosts that have been approved in the application are allowed in the certificates.

For example, the following manifest creates a certificate for example.uni-muenster.de and stores it in the Secret example-certificate:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  annotations:
    cert-manager.io/issue-temporary-certificate: "true"
  name: example
  namespace: example
spec:
  commonName: example.uni-muenster.de
  dnsNames:
    - example.uni-muenster.de
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: wwuit-acme
  privateKey:
    algorithm: ECDSA
    rotationPolicy: Always
    size: 256
  secretName: example-certificate
  subject:
    countries:
      - DE
    localities:
      - Muenster
    organizations:
      - Westfaelische Wilhelms-Universitaet Muenster
    provinces:
      - Nordrhein-Westfalen