As noted in #51, If you run cfssl apiserver tls-enabled, it is currently not possible to use self-signed certificate, because certmgr will reject it.
The request is to support self-signed certificates, in order to support the use case described in NixOS/nixpkgs#45670 where certmgr is intended to support Kubernetes on NixOS.
Opening this as an issue to put the question of whether certmgr should support self-signed certs, and to expose that as a desirable goal for the above use case.
As noted in #51, If you run cfssl apiserver tls-enabled, it is currently not possible to use self-signed certificate, because certmgr will reject it.
The request is to support self-signed certificates, in order to support the use case described in NixOS/nixpkgs#45670 where certmgr is intended to support Kubernetes on NixOS.
Opening this as an issue to put the question of whether certmgr should support self-signed certs, and to expose that as a desirable goal for the above use case.