.. toctree:: :maxdepth: 1
Self signed Issuers will issue self signed certificates.
This is useful when building PKI within Kubernetes, or as a means to generate a
root CA for use with the :doc:`CA Issuer </reference/issuers/ca/index>` once
cert-manager supports setting the isCA
flag on Certificate resources
(#85).
A self-signed Issuer contains no additional configuration fields, and can be created with a resource like so:
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: selfsigning-issuer
spec:
selfSigned: {}
Note
The presence of the selfSigned: {}
line is enough to indicate that this Issuer
is of type 'self signed'.
Once created, you should be able to Issue certificates like normal by
referencing the newly created Issuer in your issuerRef
:
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: example-crt
spec:
secretName: my-selfsigned-cert
dnsNames:
- example.com
issuerRef:
name: selfsigning-issuer
kind: ClusterIssuer