openshift-docs/modules/cert-manager-certificate-api-server.adoc

// Module included in the following assemblies:
//
// * security/cert_manager_operator/cert-manager-creating-certificate.adoc

:_mod-docs-content-type: PROCEDURE
[id="cert-manager-certificate-api-server_{context}"]
= Creating certificates for the API server

.Prerequisites

* You have access to the cluster with `cluster-admin` privileges.
* You have installed version 1.13.0 or later of the {cert-manager-operator}.

.Procedure

. Create an issuer. For more information, see "Configuring an issuer" in the "Additional resources" section.

. Create a certificate:

.. Create a YAML file, for example, `certificate.yaml`, that defines the `Certificate` object:
+
.Example `certificate.yaml` file
+
[source, yaml]
----
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: <tls_cert> #<1>
  namespace: openshift-config
spec:
  isCA: false
  commonName: "api.<cluster_base_domain>" #<2>
  secretName: <secret_name> #<3>
  dnsNames:
  - "api.<cluster_base_domain>" #<4>
  issuerRef:
    name: <issuer_name> #<5>
    kind: Issuer
----
<1> Provide a name for the certificate.
<2> Specify the common name (CN).
<3> Specify the name of the secret to create that contains the certificate.
<4> Specify the DNS name of the API server.
<5> Specify the name of the issuer.

.. Create the `Certificate` object by running the following command:
+
[source, terminal]
----
$ oc create -f certificate.yaml
----

. Add the API server named certificate. For more information, see "Adding an API server named certificate" section in the "Additional resources" section.

[NOTE]
====
To ensure the certificates are updated, run the `oc login` command again after the certificate is created.
====

.Verification

* Verify that the certificate is created and ready to use by running the following command:
+
[source, terminal]
----
$ oc get certificate -w -n openshift-config
----
+
Once certificate is in `Ready` status, API server on your cluster can start using the generated certificate secret.