cert-manager can be used to manage SSL certificates, such as creating a new SSL certificate, renewing an SSL certificate, revoking an SSL certificate, and so on.
If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
Before creating a new SSL certificate using cert-manager, you are going to want to list the available issuers. The oc get issuers command can be used to list the issuers that can be used by cert-manager. It's fairly common for the oc get issuers command to return "No resources found" since issuers are typically created as cluster-wide ClusterIssuer resources rather than as Issuer resources limited to a particular namespace.
~]$ oc get issuers --all-namespaces
No resources found
The oc get clusterissuers command can be used to list the issuers that cert-manager can use in any namespace in the OpenShift cluster.
~]$ oc get clusterissuers
NAME                     READY   AGE
public-clusterissuer     True    649d
internal-clusterissuer   True    471d
Here is an example of what you could have if you are using Let's Encrypt to issue certificates.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: john.doe@example.com
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
    - http01:
        ingress:
          class: nginx
Here is an example of what you could have if you are using Venafi to issue certificates.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: venafi
spec:
  venafi:
    tpp:
      caBundle: abc...xyz
      credentialsRef:
        name: venafi-token
      url: https://venafiapi.example.com/vedsdk
    zone: cert-manager\public-ca
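As an added example (not code from the original article), the Python script below summarizes the output of oc get clusterissuers -o json so you can see which CA backs each issuer and which issuers are Ready before requesting a certificate. The sample JSON is constructed for illustration, and the function names summarize_issuers and usable_issuers are hypothetical.

```python
import json

# Constructed sample shaped like `oc get clusterissuers -o json` output;
# names and values are illustrative, not taken from a real cluster.
SAMPLE = json.dumps({
    "items": [
        {"metadata": {"name": "letsencrypt"},
         "spec": {"acme": {"server": "https://acme-v02.api.letsencrypt.org/directory"}},
         "status": {"conditions": [{"type": "Ready", "status": "True"}]}},
        {"metadata": {"name": "venafi"},
         "spec": {"venafi": {"zone": "cert-manager\\public-ca",
                             "tpp": {"url": "https://venafiapi.example.com/vedsdk"}}},
         "status": {"conditions": [{"type": "Ready", "status": "False"}]}},
        {"metadata": {"name": "bootstrap"},
         "spec": {"selfSigned": {}},
         "status": {}},
    ]
})

ISSUER_TYPES = ("acme", "venafi", "ca", "vault", "selfSigned")


def summarize_issuers(raw_json):
    """Return one dict per issuer: name, backing type, endpoint, readiness."""
    rows = []
    for item in json.loads(raw_json).get("items", []):
        spec = item.get("spec", {})
        kind = next((t for t in ISSUER_TYPES if t in spec), "unknown")
        cfg = spec.get(kind) or {}
        # ACME and Vault issuers name their endpoint in `server`, Venafi TPP in `tpp.url`.
        endpoint = cfg.get("server") or (cfg.get("tpp") or {}).get("url")
        # No Ready condition means the issuer has not been reconciled; treat as not ready.
        conditions = item.get("status", {}).get("conditions", [])
        ready = any(c.get("type") == "Ready" and c.get("status") == "True" for c in conditions)
        rows.append({"name": item["metadata"]["name"], "type": kind,
                     "endpoint": endpoint, "ready": ready})
    return rows


def usable_issuers(raw_json):
    """Names of issuers a Certificate can reference right now (Ready=True)."""
    return [r["name"] for r in summarize_issuers(raw_json) if r["ready"]]


if __name__ == "__main__":
    for row in summarize_issuers(SAMPLE):
        print(row)
```

Against a live cluster, pass the text returned by oc get clusterissuers -o json to summarize_issuers in place of SAMPLE.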