diff --git a/harmony/src/domain/interpret/mod.rs b/harmony/src/domain/interpret/mod.rs
index d555d9e..97b08ce 100644
--- a/harmony/src/domain/interpret/mod.rs
+++ b/harmony/src/domain/interpret/mod.rs
@@ -194,3 +194,11 @@ impl From<String> for InterpretError {
         }
     }
 }
+
+impl From<serde_yaml::Error> for InterpretError {
+    fn from(value: serde_yaml::Error) -> Self {
+        Self {
+            msg: format!("InterpretError : {value}"),
+        }
+    }
+}
diff --git a/harmony/src/modules/cert_manager/gen_ca_cert.rs b/harmony/src/modules/cert_manager/gen_ca_cert.rs
new file mode 100644
index 0000000..b11da7f
--- /dev/null
+++ b/harmony/src/modules/cert_manager/gen_ca_cert.rs
@@ -0,0 +1,106 @@
+use std::sync::Arc;
+
+use async_trait::async_trait;
+use harmony_types::id::Id;
+use serde::Serialize;
+
+use crate::{
+    data::Version,
+    interpret::{Interpret, InterpretError, InterpretName, InterpretStatus, Outcome},
+    inventory::Inventory,
+    score::Score,
+    topology::{K8sclient, Topology, k8s::K8sClient},
+};
+
+#[derive(Clone, Serialize, Debug)]
+pub struct GenerateCaCertScore {
+    cluster_issuer_name: String,
+    dns_names: String,
+    operator_namespace: String,
+}
+
+impl<T: Topology + K8sclient> Score<T> for GenerateCaCertScore {
+    fn name(&self) -> String {
+        "GenerateCaCertScore".to_string()
+    }
+
+    fn create_interpret(&self) -> Box<dyn Interpret<T>> {
+        Box::new(GenerateCaCertIntepret {
+            score: self.clone(),
+        })
+    }
+}
+
+#[derive(Clone, Serialize, Debug)]
+pub struct GenerateCaCertIntepret {
+    score: GenerateCaCertScore,
+}
+
+#[async_trait]
+impl<T: Topology + K8sclient> Interpret<T> for GenerateCaCertIntepret {
+    async fn execute(
+        &self,
+        _inventory: &Inventory,
+        topology: &T,
+    ) -> Result<Outcome, InterpretError> {
+        let client = topology.k8s_client().await.unwrap();
+        let cert_yaml = self
+            .build_cert_request_yaml(&self.score.cluster_issuer_name, &self.score.dns_names)
+            .unwrap();
+        self.apply_cert_request(&client, cert_yaml, &self.score.operator_namespace)
+            .await?;
+        Ok(Outcome::success("created ca cert".to_string()))
+    }
+
+    fn get_name(&self) -> InterpretName {
+        InterpretName::Custom("GenerateCaCertInterpret")
+    }
+
+    fn get_version(&self) -> Version {
+        todo!()
+    }
+
+    fn get_status(&self) -> InterpretStatus {
+        todo!()
+    }
+
+    fn get_children(&self) -> Vec<Id> {
+        todo!()
+    }
+}
+
+impl GenerateCaCertIntepret {
+    pub fn build_cert_request_yaml(
+        &self,
+        cluster_issuer_name: &str,
+        dns_names: &str,
+    ) -> Result<serde_yaml::Value, InterpretError> {
+        let cert_yaml = format!(
+            r#"
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ingress-cert
+  namespace: openshift-ingress
+spec:
+  secretName: ingress-cert-tls
+  issuerRef:
+    name: {cluster_issuer_name}
+    kind: ClusterIssuer
+  dnsNames:
+  - "*.{dns_names}"
+        "#
+        );
+        Ok(serde_yaml::to_value(cert_yaml)?)
+    }
+    pub async fn apply_cert_request(
+        &self,
+        client: &Arc<K8sClient>,
+        cert_yaml: serde_yaml::Value,
+        operator_namespace: &str,
+    ) -> Result<(), InterpretError> {
+        Ok(client
+            .apply_yaml(&cert_yaml, Some(operator_namespace))
+            .await?)
+    }
+}
diff --git a/harmony/src/modules/cert_manager/mod.rs b/harmony/src/modules/cert_manager/mod.rs
index 8fd309a..be94a37 100644
--- a/harmony/src/modules/cert_manager/mod.rs
+++ b/harmony/src/modules/cert_manager/mod.rs
@@ -1,2 +1,3 @@
+mod gen_ca_cert;
 mod helm;
 pub use helm::*;