Confirm that you have a cert manager installed:

kubectl get pods -A | grep 'cert-manager'

cert-manager   essential-cert-manager-84446f49d5-sf2zd              1/1     Running    0     6d5h
cert-manager   essential-cert-manager-cainjector-66dc99cc56-9ldmt   1/1     Running    0     6d5h
cert-manager   essential-cert-manager-webhook-56b76db9cc-fjqrq      1/1     Running    0     6d5h

Create a certificate/key pair for the astraAddress FQDN:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt

Generating a 2048 bit RSA private key
..................+++
........................................+++
writing new private key to 'tls.key'

Create a secret with previously generated files:

kubectl create secret tls selfsigned-tls --key tls.key --cert tls.crt -n <cert-manager-namespace>

secret/selfsigned-tls created

Create a ClusterIssuer file that is exactly the following but includes the namespace location where your cert-manager pods are installed:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: astra-ca-clusterissuer
  namespace: <cert-manager-namespace>
spec:
  ca:
    secretName: selfsigned-tls

kubectl apply -f ClusterIssuer.yaml

clusterissuer.cert-manager.io/astra-ca-clusterissuer created

Verify that the ClusterIssuer has come up correctly. Ready must be True before you can proceed:

kubectl get ClusterIssuer

NAME                     READY   AGE
astra-ca-clusterissuer   True    9s

Complete the Astra Control Center installation process. There is a required configuration step for the Astra Control Center cluster YAML in which you change the CRD value to indicate that the cert manager is externally installed. You must complete this step during installation so that Astra Control Center recognizes the external cert manager.