Create the ClusterIssuer Resource

A ClusterIssuer is a Kubernetes resource that defines a certificate authority (CA) for issuing TLS certificates across the cluster. Create a ClusterIssuer resource to configure the Keyfactor ACME server as the certificate issuer for the cluster as follows:

  1. Create a new YAML file and open it for editing. For example:

    nano issuer.yaml
    Note:  See the following, which describes the format for the YAML files:

  2. Place the following content into the file.

    The fields highlighted in red below indicate fields that need to be edited or that you may wish to edit. The fields highlighted in green indicate data provided with secrets in the previous steps.

    Important:  When editing the file, be sure to preserve the indenting exactly as shown. YAML requires a very specific file layout to function. If the indenting (multiples of two spaces) or layout is incorrect, you will receive an error when trying to apply the file.
    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: keyfactor-acme-issuer
    spec:
      acme:
        email: <email address>
        server: https://<FQDN URL of the Keyfactor ACME server>/ACME
        externalAccountBinding:
          keyID: <Keyfactor ACME KeyID>
          keySecretRef:
            name: eab-secret
            key: secret
        privateKeySecretRef:
          name: keyfactor-issuer-account-key
        solvers:
          - http01:
              ingress:
                class: nginx
  3. Save the file.
  4. Apply the resource to your cluster:

    sudo kubectl apply -f issuer.yaml
  5. Verify that the account was created successfully using the following command:

    sudo kubectl describe clusterissuer keyfactor-acme-issuer

    Near the bottom of the result you should see Status: True. If there is an issue with your account, the error message may appear in the Message property.

    Tip:  If you need to delete and try again, use this command:
    sudo kubectl delete -f issuer.yaml
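
Before applying the file in step 4, it can be checked for the mistakes this procedure warns about: broken indentation and fields left unedited. The bash function below is an added example, not part of the Keyfactor documentation; the name `lint_issuer` and the sample values are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-apply lint for the issuer.yaml shown above. These are
# line-based heuristics for this one manifest, not a YAML or schema validator.

lint_issuer() {
  local file=$1 found=0 odd server tab
  tab=$(printf '\t')

  # YAML does not allow tab characters in indentation.
  if grep -q "^ *${tab}" "$file"; then
    echo "tab used for indentation"; found=1
  fi

  # The manifest indents in multiples of two spaces; list lines that do not.
  odd=$(awk '{ n = match($0, /^ +/) ? RLENGTH : 0; if (n % 2) printf "%d ", NR }' "$file")
  if [ -n "$odd" ]; then
    echo "odd indentation on line(s): $odd"; found=1
  fi

  # Template placeholders such as <email address> must be replaced.
  if grep -qE '<[^>]+>' "$file"; then
    echo "unreplaced placeholder(s):"; grep -nE '<[^>]+>' "$file"; found=1
  fi

  # ACME servers are reached over HTTPS (RFC 8555 requires it).
  server=$(awk '$1 == "server:" { print $2; exit }' "$file")
  case $server in
    https://*) ;;
    *) echo "server is not an https:// URL: ${server:-missing}"; found=1 ;;
  esac

  # The EAB key must come from a Secret reference, with a non-empty keyID.
  grep -q '^ *keySecretRef:' "$file" || { echo "keySecretRef missing"; found=1; }
  awk '$1 == "keyID:" && NF > 1 { ok = 1 } END { exit !ok }' "$file" ||
    { echo "keyID missing or empty"; found=1; }

  return "$found"
}

# Constructed sample: placeholder left in, http:// server, one 7-space indent.
demo=$(mktemp)
printf '%s\n' 'spec:' '  acme:' '    email: <email address>' \
  '    server: http://acme.example.test/ACME' '    externalAccountBinding:' \
  '       keyID: constructed-key-id' '      keySecretRef:' > "$demo"
lint_issuer "$demo" || echo "fix the findings above before kubectl apply"
rm -f "$demo"
```

A clean run only rules out these specific mistakes; `kubectl apply --dry-run=server -f issuer.yaml` additionally has the API server validate the manifest without persisting it.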