diff --git a/.github/workflows/ca.conf b/.github/workflows/ca.conf
new file mode 100644
index 0000000..0d744f2
--- /dev/null
+++ b/.github/workflows/ca.conf
@@ -0,0 +1,12 @@
+basicConstraints = CA:TRUE
+keyUsage = cRLSign, keyCertSign
+
+[req]
+distinguished_name = req_distinguished_name
+prompt = no
+
+[req_distinguished_name]
+C = US
+O = MetalBear
+emailAddress = ci@metalbear.co
+CN = ci.metalbear.co
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 3ca41e4..04fdb43 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -33,5 +33,12 @@ jobs:
 cpus: 'max'
 memory: '4gb'
 - uses: azure/setup-helm@v4.1.0
- - uses: kofemann/action-create-certificate@v0.0.4
- - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat ./hostkey.pem)" --set tls.data."tls\\.crt"="$(cat ./hostcert.pem)" ./mirrord-operator
+ - run: |
+ openssl genrsa -out ca.key 4096
+ openssl genrsa -out tls.key 4096
+ openssl req -x509 -new -sha512 -nodes -key ./ca.key -days 7307 -out ./ca.crt -config ./.github/workflows/ca.conf
+ openssl req -new -key ./tls.key -out ./tls.csr -config ./.github/workflows/tls.conf
+ openssl x509 -req -in ./tls.csr -CA ./ca.crt -CAkey ./ca.key \
+ -CAcreateserial -out ./tls.crt -days 10000 \
+ -extensions v3_req -extfile ./.github/workflows/tls.conf
+ - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat tls.key)" tls.data."tls\\.crt"="$(cat tls.crt)" ./mirrord-operator
diff --git a/.github/workflows/tls.conf b/.github/workflows/tls.conf
new file mode 100644
index 0000000..9027855
--- /dev/null
+++ b/.github/workflows/tls.conf
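Review bot: `basicConstraints` and `keyUsage` sit in the unnamed default section at the top of ca.conf, and `[req]` names no `x509_extensions` section, so the `openssl req -x509 -config ./.github/workflows/ca.conf` call in ci.yaml most likely does not apply them as extensions; that placement is only honoured by `x509 -extfile`. Whether the CA certificate then carries CA:TRUE depends on the defaults of the OpenSSL version on the runner, and a verifier that enforces basic constraints could reject the chain. I would put the two lines under a `[v3_ca]` header and add `x509_extensions = v3_ca` to `[req]`.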
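Review bot: The new `helm install` line is missing `--set` before `tls.data."tls\\.crt"="$(cat tls.crt)"`, so that token is passed as a positional argument and the certificate value is never set; helm will most likely fail on the extra argument. Since the files are now on disk, `--set-file tls.data."tls\\.key"=tls.key --set-file tls.data."tls\\.crt"=tls.crt` fixes this and also keeps the private key out of the process command line. `$MIRRORD_OPERATOR_LICENSE` is still expanded unquoted on the same line, as it was on the removed line, and is worth quoting while the line is being touched.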
@@ -0,0 +1,19 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+x509_extensions = v3_req
+distinguished_name = dn
+
+[dn]
+C = US
+O = MetalBear
+emailAddress = ci@metalbear.co
+CN = ci.metalbear.co
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = mirrord-operator.mirrord.svc
+DNS.2 = mirrord-operator.mirrord.svc.cluster.local
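Review bot: The `[dn]` section gives the leaf certificate exactly the same subject as the CA in ca.conf (same C, O, emailAddress and `CN = ci.metalbear.co`), so the signed certificate has issuer equal to subject, and verifiers can treat it as self-issued and fail chain building. Give the leaf its own name, e.g. `CN = mirrord-operator.mirrord.svc`. `[v3_req]` also sets only `subjectAltName`; adding `basicConstraints = CA:FALSE` and `extendedKeyUsage = serverAuth` would keep this key from being accepted for anything but serving TLS. A short comment at the top noting that the file serves both as the CSR config and as the `-extfile` for signing would help, since `default_bits` and `x509_extensions` are not used by either command in ci.yaml.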