Self signed Kubernetes SSL certificate // easy guide

35,038 views

Christian Lempa


Comments: 62
@digitus888 2 years ago
The only certificate that is self-signed is the certificate of the CA (as with every root CA). So the rest of the certificates, like the one for your nginx, are signed certificates: signed by a non-public CA, but not self-signed. But despite this detail, your explanation is very useful for getting a better view on certificates in general and on Kubernetes in particular.
@christianlempa 2 years ago
Thanks mate! You're absolutely right, I often say that to make it clear the cert is signed by a self-signed CA. Might be a bit lazy, that's true 🤣
@TheArtemus75 2 years ago
Hey Christian, hopefully you have enjoyed your holidays! Thanks for this video and good explanation! In my opinion all of your tutorials are really valuable. Keep up this good work and, as we can see, your community is growing and growing... :-)
@christianlempa 2 years ago
Thank you so much! Yeah holidays were good :)
@DmitryTsarev 1 year ago
To everyone who wondered which tool was used to draw the ASCII diagram @11:47 … Not exactly sure which particular one Christian used (would be nice to know), but such diagrams can be created with tools like 'asciiflow' and 'asciio'.
@MatiasFranci 2 years ago
This video is super clear. Could you please tell us which software you use to show the architecture diagram (from PowerShell)?
@guyfeldman4697 2 years ago
You can use kubectl create secret with --from-file flags to upload the contents. I haven't tried it from Windows though.
@christianlempa 2 years ago
Thanks! I'll try it
@vitusyu9583 2 years ago
Sounds a bit complicated, but your delivery is quite clear, and I would give it a try on my home lab! Thanks!
@kevinyu9934 2 years ago
Hi, thanks for the amazing contents! Could you also share the name of the tool that you use for drawing the diagram in markdown?
@jonzuka9746 1 year ago
Thank you! Quick and precise.
@paparoup 1 year ago
What an awesome guide and very clear on the steps, thanks for your time. I followed the steps but I end up with this error message "message: 'Error getting keypair for CA issuer: certificate is not a CA'" when creating the cluster issuer, which isn't the case in your video. What am I missing? Thanks again for the time invested.
@andibiront2316 5 months ago
Great guide. I've followed it but made some changes. I created an intermediate certificate signed by my Active Directory root CA and uploaded the chain to cert-manager. It's working great. I wanted to change the certificate of Rancher and Portainer, but the Helm installation automatically creates an Issuer for the namespace, so I don't know exactly how I should change them.
@christianlempa 5 months ago
Nice work! Thank you!
@lenoah8692 6 months ago
Thank you! Best teacher
@christianlempa 6 months ago
Thanks 🙏
@GihanS 2 years ago
This is super awesome. Keep going!
@christianlempa 2 years ago
Thanks! :)
@dr.wordpress 2 years ago
Hi, your tutorials helped me a lot. Can you do a tutorial about hosting gristlabs/grist with Portainer, please?
@MrToup 2 years ago
This video gives a super clear explanation about issuer and certificate. Is it right to say that the benefit over a Let's Encrypt certificate is to be more independent, as we do not expose it to the internet?
@christianlempa 2 years ago
Thank you! And yeah absolutely, everything that you expose on the internet is a potential risk.
@alex.prodigy 2 years ago
LabCA is also an interesting one, it's actually a community build of Boulder, the same ACME CA backend used by Let's Encrypt.
@christianlempa 2 years ago
Thx great idea, I'll check it out
@Lamnt213 10 months ago
Followed and subscribed. Thanks for your guidance.
@christianlempa 10 months ago
Thanks! and welcome :)
@hemanthnlr 1 year ago
Hi, this tutorial is good. Thanks a lot for sharing the info. When I try to install cert-manager using Helm, the cert-manager Helm status is shown as pending-install, and my Kubernetes version is v1.23.3. Can you share your suggestion on this?
@dmsi1980 2 years ago
You can use stringData instead of data in your secret manifest and paste multiline PEM certs instead of a base64 string.
@pablofernandezrecaman4133 25 days ago
Is there any way to have SSL certificates inside Twingate in this Kubernetes environment?
@dillanteagle3726 2 years ago
This works, but there is also the option of having cert-manager automate creating the self-signed certificate and secret.
@sashapokatilov 1 year ago
Thx, bro! U are my hero)
@christianlempa 1 year ago
You're welcome! Thank you :)
@squalazzo 1 year ago
Diagram at 12:00, did you use some tool, or make it manually? About base64 and secrets, just use stringData instead of data and put them straight into the secret, no need to encode them.
@christianlempa 1 year ago
I used asciiflow but it's a lot of manual work as well :P
@hussamhyari 1 year ago
Thank you for the video. I am trying to secure a Mosquitto broker using a k8s cluster and exposed with a load balancer. Can this implementation be used to secure the MQTT connection?
@christianlempa 1 year ago
You're welcome :) I'm not quite sure about Mosquitto, haven't worked with it before.
@Resulok 2 years ago
Hi Christian, I have a weird question) How did you do the scheme at 11:46 on the timeline?
@zakeeyullah 2 years ago
Hi, can you make a tutorial on how to redirect an IP address automatically to a domain when using Nginx Proxy Manager to manage the containers' reverse proxy?
@MohitSharma-fm2vj 4 months ago
I followed the exact tutorial, but Traefik is unable to find the middleware, saying it does not exist. Can anyone help with this??
@haddysrosserrier2061 2 years ago
Tried this method, doesn't work. Had an issue with the RSA structure being too large after encoded. Just a heads up.
@sachinmalhotra9235 2 years ago
How to manage Windows Server data real time backup I can purchase to servers
@Xiovox 2 years ago
Which VSC theme & font are you using?
@christianlempa 2 years ago
I created my own theme, The Digital Life, and use the Hack Nerd Font.
@mohammedsadrulhudaquadri8731 2 years ago
The shell theme is so cool. Could someone please help me with the name of the theme?
@christianlempa 2 years ago
Thanks, mate! You find the settings for the Windows Terminal and other stuff on GitHub in my dot files repo!
@mohammedsadrulhudaquadri8731 2 years ago
@christianlempa Thanks buddy! Btw loved your content!!
@BP-qy2pb 2 years ago
Use git-bash or WSL2 instead.
@KairosVI 1 year ago
how to base64 in powershell? docker run -it bash XD
@christianlempa 1 year ago
:D
@joshuabruno 2 years ago
Bro all we care about is whether or not an American style Kölsch counts as a REAL Kölsch.
@darthweiter7074 2 years ago
Doing it under windows -> install wsl2 and use linux there 😂
@Reiner030 2 years ago
Base64: from a Stack Overflow answer, this should be the solution, and I also had to use certutil for importing a certificate to ADS in Windows Server 2012:
> Windows comes with certutil.exe (a tool to manipulate certificates) which can base64 encode and decode files.
> certutil -encode test.exe test.txt
> certutil -decode test.txt test.exe
Additionally, M$ has documentation, "Convert file to Base64 string format", with this one-liner:
> [convert]::ToBase64String((Get-Content -path "your_file_path" -Encoding byte))
@russellrv 2 years ago
SSL Certificate and Easy Guide should never be used in the same statement
@leela5012 1 year ago
I have tried it in Windows using the physical location; it worked for me to convert the self-signed certificate:
> cat C:\\Users\\username\\ca.crt | base64 -w 0
@nireeshwaravaanam 2 years ago
How can I contact you +
@aswinmaheshc 2 years ago
Maybe you can try it like this for encoding with Base64 in PowerShell.
Encoding:
$Cert = 'This is a secret'
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($Cert)
$EncodedText = [Convert]::ToBase64String($Bytes)
$EncodedText
@christianlempa 2 years ago
Thx! Maybe I could put it in a script
@malthaeldai2083 2 years ago
Hi, you could break this down to:
[convert]::ToBase64String((Get-Content -path "ca.crt" -AsByteStream -Raw))
At least while using PowerShell 7.2. For PowerShell 5.1 this won't work, unfortunately. But in my opinion, using Linux either directly or via WSL is by far shorter and faster to type. Best regards from Hamburg
@malthaeldai2083 2 years ago
In addition:
[convert]::ToBase64String((Get-Content -path "ca.crt" -Encoding byte))
would be for PowerShell 5.1.
@alexrocha7010 1 year ago
You can try this for PowerShell Core:
[Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(@(Get-Content ca.crt)))
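
The base64 one-liners in the comments above differ in which bytes they actually encode. As an added example (not from the video or from any commenter), this PowerShell script encodes a file's bytes exactly as stored, which is what the `data` field of a Kubernetes Secret expects, and checks each result by decoding it again. The PEM text, the temp file name and the function names are constructed for the demonstration.

```powershell
# Constructed sample data: PEM-shaped text, not a real certificate.
$pem  = "-----BEGIN CERTIFICATE-----`nQ09OU1RSVUNURUQ=`n-----END CERTIFICATE-----`n"
$path = Join-Path ([System.IO.Path]::GetTempPath()) 'ca-example.crt'   # hypothetical file name
[System.IO.File]::WriteAllText($path, $pem, [System.Text.Encoding]::ASCII)

function ConvertTo-Base64File {
    # Base64 of the file's bytes exactly as stored on disk.
    # ReadAllBytes behaves the same in Windows PowerShell 5.1 and PowerShell 7.
    param([Parameter(Mandatory)][string]$Path)
    # .NET does not follow the PowerShell location, so resolve to a full path first.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    [Convert]::ToBase64String([System.IO.File]::ReadAllBytes($full))
}

function Test-PemBase64 {
    # True only if the value decodes back to bytes that start with a PEM header.
    param([Parameter(Mandatory)][string]$Base64)
    $bytes = [Convert]::FromBase64String($Base64)
    $text  = [System.Text.Encoding]::ASCII.GetString($bytes)
    # Ordinal comparison: culture-aware comparison may ignore embedded NUL characters.
    $text.StartsWith('-----BEGIN ', [System.StringComparison]::Ordinal)
}

$fromBytes = ConvertTo-Base64File -Path $path
# The same text converted to UTF-16LE first: every character becomes two bytes,
# so the decoded value is no longer the PEM file that was on disk.
$fromUtf16 = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($pem))

[pscustomobject]@{
    Source       = 'file bytes'
    Length       = $fromBytes.Length
    DecodesToPem = (Test-PemBase64 -Base64 $fromBytes)
}
[pscustomobject]@{
    Source       = 'UTF-16 text'
    Length       = $fromUtf16.Length
    DecodesToPem = (Test-PemBase64 -Base64 $fromUtf16)
}

Remove-Item -LiteralPath $path
```

Running the same round-trip check on the value pasted into a Secret manifest shows, before applying it, whether the cluster will receive the original PEM bytes.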