IBM Certificate manager (cert-manager)

Edit online

You can use your product cert-manager to create and mount a certificate to a Kubernetes Deployment, StatefulSet, or DaemonSet. You can also create and add a certificate to a Kubernetes Ingress.

Issuer, ClusterIssuer, and Certificate are Kubernetes resource types that were introduced to support certificate generation and lifecycle management. For more information about cert-manager, see the cert-manager community documentation Opens in a new tab .

See the following list to learn how your product cert-manager works:

The Issuer signs new certificates and key pairs.
The certificate object is similar to a certificate signing request.
The actual X.509 certificate and key pair for TLS or authentication is stored as a Kubernetes Secret.
The certificate is renewed automatically or can be renewed manually.

First, create an Issuer and then create a certificate that will be signed by that Issuer. Your product Certificate manager generates an X.509 certificate and key pair and stores it within a Kubernetes Secret.

Listing your Issuers and Certificates

Edit online

To list your v1 Issuers and Certificates, complete the following actions:

To list the v1 Issuers, run the following oc command:
```
oc get issuers
```
To list the v1 Certificates, run the following oc command:
```
oc get certs
```

If, after running these commands, you do not see any v1 Issuers and Certificates, and you expect there to be Issuers and Certificates, list the v1alpha1 Issuers and Certificates.

To list your v1alpha1 Issuers and Certificates, complete the following actions:

To list v1alpha1 Issuers, run the following oc command:
```
oc get issuers.v1alpha1.certmanager.k8s.io`
```
To list v1alpha1 Certificates, run the following oc command:
```
oc get certificates.v1alpha1.certmanager.k8s.io
```

Certificate manager supports IPv4 and IPv6 addresses.

For more information about Certificate manager and other configuration tools, see the following product documentation:

Note: The apiVersion certmanager.k8s.io/v1alpha1 in all cert-manager Custom Resources (Certificates, Issuers, and ClusterIssuers) is deprecated and replaced by cert-manager.io/v1.