Rotate Roots Right Round: Using Cert-Manager for Safer Private PKI

May 01, 2023 28 min Free

Description

This talk explores the benefits and implementation of managing your own Certificate Authority (CA) for Public Key Infrastructure (PKI), especially within a cloud-native landscape. It details how to use cert-manager to safely deploy a private PKI at organizational scale, emphasizing the critical need for planning root certificate rotation to avoid outages. The presentation covers key risks such as improper access control and trust management, and introduces tools like cert-manager, approver-policy, and trust-manager to mitigate these challenges. It also discusses different architectural approaches and the importance of having a robust rotation plan, highlighting that revocation is often unreliable. The speaker, Ashley Davis, a cert-manager maintainer, encourages attendees to explore private PKI for cost savings, increased control, and enabling advanced use cases.