# Certificates

This section contains the CA certificates used for testing.
The only step necessary is to [install](#install-and-trust-the-CA) the CA.
The rest of the documentation is for reference.

## Setup

First we generate a key for our CA certificate:

```shell
openssl genrsa -out local-ca.key 2048
```

Then generate the CA certificate:

```shell
openssl req -new -x509 -nodes -days 365000 \
   -key local-ca.key \
   -out local-ca.pem
```

Generate a k8s secret:

```shell
kubectl create secret generic ca-key-pair2 \
  --from-literal=tls.crt="$(cat local-ca.pem)" \
  --from-literal=tls.key="$(cat local-ca.key)"
```

The [certificates.yaml](../k8s/app/certificates.yaml) contains the secrets already and wil be used by cert-manager
to sign certificates.

## Install and trust the CA

```shell
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" local-ca.pem
```