The following list contains all known cert-manager issuer integrations.
|Is Open Source|
|🥇||venafi-enhanced-issuer||📄||Venafi TLS Protect||v1.12.1||✔️||❌|
|🥈||aws-privateca-issuer||📄||AWS Private Certificate Authority||-||✔️||✔️|
|🥈||ca-issuer (in-tree)||📄||CA issuer||-||✔️||✔️|
|🥈||google-cas-issuer||📄||Google Cloud Certificate|
|🥈||ncm-issuer||📄||Nokia Netguard Certificate Manager||-||✔️||✔️|
|🥈||selfsigned-issuer (in-tree)||📄||Self-Signed issuer||-||✔️||✔️|
|🥈||step-issuer||📄||Certificate Authority server||-||✔️||✔️|
|🥈||tcs-issuer||📄||Intel's SGX technology||-||✔️||✔️|
|🥈||vault-issuer (in-tree)||📄||HashiCorp Vault||-||✔️||✔️|
|🥈||venafi-issuer (in-tree)||📄||Venafi TLS Protect||-||✔️||✔️|
|🥉||adcs-issuer||📄||Microsoft Active Directory|
|🥉||origin-ca-issuer||📄||Cloudflare Origin CA||-||❌||✔️|
- The issuers are sorted by their tier and then alphabetically.
- "in-tree" issuers are issuers that are shipped with cert-manager itself.
- These issuers are known to support and honor approval.
If you've created an issuer which you'd like to share, raise a Pull Request to have it added here!
The cert-manager project has a tier system for issuers. This is to help users understand the maturity of the issuer. The tiers are 🥇, 🥈 and 🥉.
NOTE: The cert-manager maintainers can decide to change the criteria and number of tiers at any time.
- 🥈 Tier criteria.
- The issuer has an end-to-end tutorial on how to set it up with cert-manager for use in production.
At the time of checking1, the used cert-manager version has to be still supported (see Supported Releases).
An end-to-end tutorial must include:
- a short explanation on how to install cert-manager (including the used version and a link to https://cert-manager.io/docs/installation/)
- all required steps to install the issuer
- an explanation on how to configure the issuer's Custom Resources
- an explanation on how to issue a certificate using the issuer (using a Certificate resource)
- The issuer has had a release in the last 12 months (at the time of checking all issuers2).
If you're interested in building a new external issuer, check the development documentation.