How to configure cert-manager to emit certificates from ssl.com?

cert-manager-ssl-com.md

How to configure cert-manager to emit certificates from ssl.com?

SSL.com has an ACME service for free 90-day ssl certificates.

It's pretty simple to configure cert-manager to use it, you'll need:

1. A secret containing the HMAC key.
2. An Issuer or ClusterIssuer configured with your user on ssl.com and their acme url
3. A ssl.com account

SSL.com ACME credentials

Follow this tutorial to get your ACME credentials: https://archive.is/27ko6#ftoc-heading-2

Note day your HMAC key and key_id. Edit the credential and include the role individual_certificate and validations (not sure if those are really necessary).

Cert-manager configuration

Suppose your HMAC key is TiFfIi57ms0ZRgbYRyVmhHpwtlu0oLTB2COR2ukAyk, your key_id is a4aaa21ddd33 and your ssl.com username is [email protected]

Create a secret for your HMAC key in the same namespace of the cert-manager pod (normally called cert-manager). Suppose your HMAC key is TiFfIi57ms0ZRgbYRyVmhHpwtlu0oLTB2COR2ukAyk

  kubectl create secret generic sslcom-eabsecret \
    -n cert-manager --from-literal secret=TiFfIi57ms0ZRgbYRyVmhHpwtlu0oLTB2COR2ukAyk

Create a ClusterIssuer (or Issuer) for ssl.com:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: sslcom
spec:
  acme:
    email: [email protected]
    externalAccountBinding:
      keyAlgorithm: HS256
      keyID: a4aaa21ddd33
      keySecretRef:
        key: secret
        name: sslcom-eabsecret
    server: https://acme.ssl.com/sslcom-dv-rsa

From here on, you can proceed exactly like letsencrypt.