Issuers
The following list contains all known cert-manager issuer integrations.
Tier | Controller | Docs | Issuer | cert-manager version used in tutorial¹ | Released within 12 months² | Is Open Source |
---|---|---|---|---|---|---|
🥇 | acme-issuer (in-tree) | 📄 | ACME | latest | ✔️ | ✔️ |
🥇 | venafi-enhanced-issuer | 📄 | Venafi TLS Protect | v1.12.1 | ✔️ | ❌ |
🥈 | adcs-issuer | 📄 | Microsoft Active Directory Certificate Service | - | ✔️ | ✔️ |
🥈 | aws-privateca-issuer | 📄 | AWS Private Certificate Authority | - | ✔️ | ✔️ |
🥈 | ca-issuer (in-tree) | 📄 | CA issuer | - | ✔️ | ✔️ |
🥈 | command-issuer | 📄 | Keyfactor Command | - | ✔️ | ✔️ |
🥈 | ejbca-issuer | 📄 | EJBCA | - | ✔️ | ✔️ |
🥈 | google-cas-issuer | 📄 | Google Cloud Certificate Authority Service | - | ✔️ | ✔️ |
🥈 | gs-atlas-issuer | 📄 | GlobalSign CA | - | ✔️ | ✔️ |
🥈 | horizon-issuer | 📄 | EVERTRUST Horizon | - | ✔️ | ✔️ |
🥈 | ncm-issuer | 📄 | Nokia Netguard Certificate Manager | - | ✔️ | ✔️ |
🥈 | selfsigned-issuer (in-tree) | 📄 | Self-Signed issuer | - | ✔️ | ✔️ |
🥈 | step-issuer | 📄 | Certificate Authority server | - | ✔️ | ✔️ |
🥈 | tcs-issuer | 📄 | Intel's SGX technology | - | ✔️ | ✔️ |
🥈 | vault-issuer (in-tree) | 📄 | HashiCorp Vault | - | ✔️ | ✔️ |
🥈 | venafi-issuer (in-tree) | 📄 | Venafi TLS Protect | - | ✔️ | ✔️ |
🥉 | cfssl-issuer | 📄 | CFSSL | - | ❌ | ✔️ |
🥉 | freeipa-issuer | 📄 | FreeIPA | - | ❌ | ✔️ |
🥉 | kms-issuer | 📄 | AWS KMS | - | ❌ | ✔️ |
🥉 | origin-ca-issuer | 📄 | Cloudflare Origin CA | - | ❌ | ✔️ |
- The issuers are sorted by their tier and then alphabetically.
- "in-tree" issuers are issuers that are shipped with cert-manager itself.
- These issuers are known to support and honor approval.
If you've created an issuer which you'd like to share, raise a Pull Request to have it added here!
Issuer Tier system
The cert-manager project has a tier system for issuers. This is to help users understand the maturity of the issuer. The tiers are 🥇, 🥈 and 🥉.
NOTE: The cert-manager maintainers can decide to change the criteria and number of tiers at any time.
🥇 Tier (Production-ready)
- 🥈 Tier criteria.
- The issuer has an end-to-end tutorial on how to set it up with cert-manager for use in production.
  At the time of checking¹, the cert-manager version used must still be supported (see Supported Releases).
  An end-to-end tutorial must include:
  - a short explanation of how to install cert-manager (including the version used and a link to https://cert-manager.io/docs/installation/)
  - all required steps to install the issuer
  - an explanation of how to configure the issuer's Custom Resources
  - an explanation of how to issue a certificate using the issuer (using a Certificate resource)
🥈 Tier (Maintained)
- The issuer has had a release in the last 12 months (at the time of checking all issuers²).
🥉 Tier (Unmaintained)
Other
Building New External Issuers
If you're interested in building a new external issuer, check the development documentation.