Can I use cert-manager for mTLS?

Hi. I’m reading the documentation regarding integrating with cert-manager and have a question… Does cert-manager integration only work for use in HTTPS like when exposing a web server to the outside world, or will it work also for mTLS?

In particular, I’m setting up a multi-cluster configuration and would find it awfully convenient if there was an option available for having automatic CA provisioning.

Possibly related to “Why not use cert-manager to manage ca cert for istio-sidecar-injector”, but not quite the same, I believe.

We use cert-manager to handle updating expiring certs on our ingresses… Those certs prove we are who we say we are, and cert-manager/lets-encrypt verifies this by temporarily modifying the ingress and running tests to prove who we are…

Your use case is different, and it feels like you may be on the wrong track with this idea. Keep me in the loop if you have success though. It’s always nice to hear new approaches.

I too suspect that it’s not the right tool for the job. But I’ll have to investigate more before I’m certain.

There’s some interesting FAQ on the letsencrypt page, especially this and this.