Corporate CA for DAP when using Kubernetes integration

afridrikh · June 18, 2020, 10:18pm

Hey guys,

Just a matter of curiosity, is it possible to use the corporate CA and then issue certificates for master and standby nodes and at the same time properly configure followers placed in kubernetes?

The documentation says it is required to “Initialize the CA” (DAP local CA) - https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Integrations/Kubernetes_deployApplicationCluster.htm?tocpath=Integrations|OpenShift%2C%20Kubernetes%2C%20and%20GKE|_____5#InitializetheCA

but did anyone try to use the corporate CA for these purposes? Is it possible?

Thanks in advance for any feedback,
Anton

afridrikh · June 23, 2020, 7:58am

Well, answering my question:

You can issue a SubCA certificate using Domain CA and just upload it to DAP with the private key, then it’ll be used for k8s resources authorisation.

nathan.whipple · June 23, 2020, 2:18pm

Hi Anton,

I hadn’t tried this yet, but suspected it would work for the same reasons you did. Thanks for confirming! Do you think this is something worth documenting?

Regards,
Nate

Topic		Replies	Views
Certificate renewal for DAP General	2	396	November 19, 2021
DAP Reference architecture Development dap	6	1002	August 19, 2021
AAM CCP Harden v1.0.0 - Automatic hardening of AIMWebService for AAM CCP Conjur Enterprise	0	835	March 4, 2020
Terraform - Account onboarding to PAM on-premise General	3	377	June 24, 2023
Query on LDAP Sync disabled on latest versions Conjur Enterprise	9	1422	March 27, 2020

Corporate CA for DAP when using Kubernetes integration

Related Topics