Certificate Management

Create and renew Certificates automatically and effortlessly.

We operate a Cert-Manager within the Kubernetes along with a ClusterIssuer named wwuit-acme, which enables the acquisition of certificates. These certificates are stored in Secrets and renewed automatically.

Only hosts that have been approved in the application are allowed in the certificates.

Also make sure the entries in your certificate has a proper FQDNs. Otherwise the certificate might get revoked.

This would for example create a certificate for example.uni-muenster.de and stores it in the Secret example-certificate:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  annotations:
    cert-manager.io/issue-temporary-certificate: "true"
  name: example
  namespace: example
spec:
  commonName: example.uni-muenster.de
  dnsNames:
    - example.uni-muenster.de
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: wwuit-acme
  privateKey:
    algorithm: ECDSA
    rotationPolicy: Always
    size: 256
  secretName: example-certificate
  subject:
    countries:
      - DE
    localities:
      - Muenster
    organizations:
      - Westfaelische Wilhelms-Universitaet Muenster
    provinces:
      - Nordrhein-Westfalen