-
|
Hi All, I'm not sure if I'm asking in the correct spot, but figured I'd see if anyone knows the answer. I have step-ca setup via helm and I'm trying to get it to work with cert-manager http-01 challenge. The one thing I've been update to find out reading either step-ca or cert-manager docs, is how to I generate a tls.key to be used with the http-01 challenge. My step ca provisioners looks something like: provisioners:
- claims: {}
forceCN: false
name: acme
type: ACME
- encryptedKey: >- <snipped>
key:
alg: ES256
crv: P-256
kid: <snipped>
kty: EC
use: sig
x: <snipped>
'y': <snipped>
name: cert-manager
type: JWKMy issue is cert-manager requires a apiVersion: cert-manager.io/v1kind: Issuer
metadata:
name: dev-acme-server
namespace: cert-manager-development
spec:
acme:
preferredChain: ""
privateKeySecretRef:
name: some-tls-key-i-dont-know-how-to-get #< ---- This should contain a tls.key value, but how do you get it?
server: https://step-ca.internal.domain.com:9001/acme/acme/directory
solvers:
- http01:
ingress:
name: traefik |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Answering my own question. My understand of what |
Beta Was this translation helpful? Give feedback.
Answering my own question. My understand of what
privateKeySecretRefwas incorrect. Instead ofprivateKeySecretRefbeing something you create before the configuration, this is actually something that cert-manager will create once the Issuer is deployed