As noted in #51, If you run cfssl apiserver tls-enabled, it is currently not possible to use self-signed certificate, because certmgr will reject it.
The request is to support self-signed certificates, in order to support the use case described in https://github.com/NixOS/nixpkgs/pull/45670 where certmgr is intended to support Kubernetes on NixOS.
Opening this as an issue to put the question of whether certmgr should support self-signed certs, and to expose that as a desirable goal for the above use case.
This should be resolved via the merged PR; pardon the lag in reviewing it. You should expect an RC release in the next week to two that will contain that fix.
As noted in #51, If you run cfssl apiserver tls-enabled, it is currently not possible to use self-signed certificate, because certmgr will reject it.
The request is to support self-signed certificates, in order to support the use case described in https://github.com/NixOS/nixpkgs/pull/45670 where certmgr is intended to support Kubernetes on NixOS.
Opening this as an issue to put the question of whether certmgr should support self-signed certs, and to expose that as a desirable goal for the above use case.