Download

Installation document

How can you install Certificate Manager? Certificate Manager is delivered in a Docker container. So first you install docker-ce and containerd on your machine. Once you have done that, the easiest thing to do is create a directory. for example:

mkdir /opt/certificatemanager

Install docker RedHat based

First install the docker-ce repository and activate the repository

 sudo dnf -y install dnf-plugins-core
 sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo

To install the latest version execute te command below

sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Now we need to start the docker engine and enable it on boot

systemctl enable docker;systemctl start docker

Docker Compose

Go into this directory and copy the yaml code below into the docker-compose.yml file.

services:
  certificatemanager:
    image: hostingbe/certificatemanager:latest
    container_name: CertificateManager
    restart: always
    ports:
      - 8080:80
    depends_on:
      db:
        condition: service_healthy
    environment:
      - SECRET=JZXygyTFm6sbERxCn1adRSHwHjgLwbzL  # secret store safely offline
      - DB_HOST=db                               # hostname db server
      - DB_NAME=certificatemanager               # db name
      - DB_USER=root                             # db user
      - DB_PASSWORD=secret_password              # password mysql database
      - CM_URL=http://localhost:8080             # URL of certificatemanager
      - VAULT_URI=https://your-vault-url:8200    # URL of vault
      - VAULT_TOKEN=[vault token]                # your vault app token
      - VAULT_PATH=certificatemanager            # root path vault to store data

  db:
    image: mariadb
    restart: always
    user: root
    volumes:
      - ./mysql:/var/lib/mysql
    environment:
      - MARIADB_ROOT_PASSWORD=secret_password
      - MARIADB_DATABASE=certificatemanager
    expose:
      - 3306
    healthcheck:
      test:
        [
          "CMD",
          "/usr/local/bin/healthcheck.sh",
          "--su-mysql",
          "--connect",
          "--innodb_initialized",
        ]
      interval: 10s
      timeout: 5s
      retries: 5

Through this docker-compose.yml file we use a mysql docker container for storage, but you can of course also use your own MySQL database server. Do not forget to enter the correct information such as hostname, username and password. Make sure that the docker container can access the MySQL database.

VAULT

To store the private keys and passwords, Certificate Manager uses a Hashicorp Vault, which you install yourself.