diff --git a/aks/outputs.tf b/aks/outputs.tf
index f5e185a..361f3e8 100644
--- a/aks/outputs.tf
+++ b/aks/outputs.tf
@@ -3,7 +3,7 @@ output "id" {
 value = module.cert-manager.id
 }
 
-output "issuers" {
- description = "List of issuers created by cert-manager"
- value = module.cert-manager.issuers
+output "cluster_issuers" {
+ description = "List of cluster issuers created by cert-manager."
+ value = module.cert-manager.cluster_issuers
 }
diff --git a/eks/outputs.tf b/eks/outputs.tf
index f5e185a..361f3e8 100644
--- a/eks/outputs.tf
+++ b/eks/outputs.tf
@@ -3,7 +3,7 @@ output "id" {
 value = module.cert-manager.id
 }
 
-output "issuers" {
- description = "List of issuers created by cert-manager"
- value = module.cert-manager.issuers
+output "cluster_issuers" {
+ description = "List of cluster issuers created by cert-manager."
+ value = module.cert-manager.cluster_issuers
 }
diff --git a/locals.tf b/locals.tf
index b130ba1..669b948 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,7 +1,7 @@
 locals {
 issuers = {
 letsencrypt = {
- prod = {
+ production = {
 name = "letsencrypt-prod"
 email = "letsencrypt@camptocamp.com"
 server = "https://acme-v02.api.letsencrypt.org/directory"
diff --git a/outputs.tf b/outputs.tf
index 3565720..d16ded2 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -3,7 +3,15 @@ output "id" {
 value = resource.null_resource.this.id
 }
 
-output "issuers" {
- description = "List of issuers created by cert-manager"
- value = local.issuers
+output "cluster_issuers" {
+ description = "List of cluster issuers created by cert-manager."
+ value = merge({
+ default = "selfsigned-issuer"
+ }, {
+ for issuer_id, issuer in { ca = "ca-issuer" } : issuer_id => issuer
+ if can(var.helm_values[0].cert-manager.tlsCrt) && can(var.helm_values[0].cert-manager.tlsKey)
+ }, {
+ for issuer_id, issuer in local.issuers.letsencrypt : issuer_id => issuer.name
+ if var.helm_values[0].cert-manager.clusterIssuers.letsencrypt.enabled
+ })
 }
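Review bot: The letsencrypt filter in the new `cluster_issuers` output reads `var.helm_values[0].cert-manager.clusterIssuers.letsencrypt.enabled` without the `can()` guard that the `tlsCrt`/`tlsKey` filter two lines above uses, so an empty `helm_values` list, or a first element that lacks that path, makes the whole output fail at plan time instead of yielding an empty map; `if try(var.helm_values[0].cert-manager.clusterIssuers.letsencrypt.enabled, false)` keeps it evaluable. Both filters inspect only element `[0]`; with `concat(local.helm_values, var.helm_values)` in self-signed/main.tf that element is presumably the variant's own defaults, so a caller override at a later index that enables letsencrypt would not show up here even if the chart merges it, and the description should say the output reflects the first values element only. The description also still says "List" although the value is now a map keyed by issuer id.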
diff --git a/scaleway/outputs.tf b/scaleway/outputs.tf
index f5e185a..361f3e8 100644
--- a/scaleway/outputs.tf
+++ b/scaleway/outputs.tf
@@ -3,7 +3,7 @@ output "id" {
 value = module.cert-manager.id
 }
 
-output "issuers" {
- description = "List of issuers created by cert-manager"
- value = module.cert-manager.issuers
+output "cluster_issuers" {
+ description = "List of cluster issuers created by cert-manager."
+ value = module.cert-manager.cluster_issuers
 }
diff --git a/self-signed/locals.tf b/self-signed/locals.tf
new file mode 100644
index 0000000..5ee6f02
--- /dev/null
+++ b/self-signed/locals.tf
@@ -0,0 +1,13 @@
+locals {
+ helm_values = [{
+ cert-manager = {
+ tlsCrt = base64encode(tls_self_signed_cert.root.cert_pem)
+ tlsKey = base64encode(tls_private_key.root.private_key_pem)
+ clusterIssuers = {
+ letsencrypt = {
+ enabled = false
+ }
+ }
+ }
+ }]
+}
diff --git a/self-signed/main.tf b/self-signed/main.tf
index 0db609c..66b7bd1 100644
--- a/self-signed/main.tf
+++ b/self-signed/main.tf
@@ -1,13 +1,14 @@
 resource "tls_private_key" "root" {
- algorithm = "ECDSA"
+ algorithm = "ECDSA"
+ ecdsa_curve = "P256"
 }
 
 resource "tls_self_signed_cert" "root" {
 private_key_pem = tls_private_key.root.private_key_pem
 
 subject {
- common_name = "devops-stack.camptocamp.com"
- organization = "Camptocamp, SA"
+ common_name = "DevOps Stack"
+ organization = "Camptocamp"
 }
 
 validity_period_hours = 8760
@@ -33,12 +34,7 @@ module "cert-manager" {
 deep_merge_append_list = var.deep_merge_append_list
 app_autosync = var.app_autosync
 
- helm_values = concat([{
- cert-manager = {
- tlsCrt = base64encode(tls_self_signed_cert.root.cert_pem)
- tlsKey = base64encode(tls_private_key.root.private_key_pem)
- }
- }], var.helm_values)
+ helm_values = concat(local.helm_values, var.helm_values)
 
 dependency_ids = var.dependency_ids
 }
diff --git a/self-signed/outputs.tf b/self-signed/outputs.tf
index f5e185a..1a4f708 100644
--- a/self-signed/outputs.tf
+++ b/self-signed/outputs.tf
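Review bot: `tlsKey` in the new `local.helm_values` carries the root CA private key (`tls_private_key.root.private_key_pem`, base64-encoded) into the chart values that `concat(local.helm_values, var.helm_values)` in self-signed/main.tf hands to the cert-manager module, so the key is held in Terraform state and in whatever that module renders the values into, and nothing in this file says so. A comment on that line would make the exposure visible to the next reader, e.g. `# Root CA private key: stored in Terraform state and in the rendered chart values; restrict read access to both.` The fixed `letsencrypt.enabled = false` here is also what the root outputs.tf sees as `var.helm_values[0]` for this variant, which is worth a one-line comment since that coupling is not obvious from either file alone.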
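Review bot: Adding `ecdsa_curve = "P256"` to `tls_private_key.root` and changing the `subject` of `tls_self_signed_cert.root` both force replacement of those resources on the next apply (the provider's default curve is not P256, and the certificate's subject cannot be updated in place), so a new root CA is generated and every certificate the `ca-issuer` previously signed stops chaining to a trusted root until it is reissued; anyone who imported the old certificate from the `ca_issuer_certificate` output must re-import it. That is an upgrade step rather than a cosmetic rename and deserves a comment above the key resource, e.g. `# Changing the curve or the subject replaces the root CA; re-distribute ca_issuer_certificate after apply.`, plus a changelog note. The remainder of `tls_self_signed_cert.root` (CA flag and allowed uses) is outside the hunk, so whether it still asserts CA usage cannot be confirmed here.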
@@ -3,7 +3,13 @@ output "id" {
 value = module.cert-manager.id
 }
 
-output "issuers" {
- description = "List of issuers created by cert-manager"
- value = module.cert-manager.issuers
+output "cluster_issuers" {
+ description = "List of cluster issuers created by cert-manager."
+ value = module.cert-manager.cluster_issuers
+}
+
+output "ca_issuer_certificate" {
+ description = "The CA certificate used by the `ca-issuer`. You can copy this value into a `*.pem` file and use it as a CA certificate in your browser to avoid having insecure warnings."
+ value = trimspace(resource.tls_self_signed_cert.root.cert_pem)
+ sensitive = true
 }
diff --git a/sks/outputs.tf b/sks/outputs.tf
index f5e185a..361f3e8 100644
--- a/sks/outputs.tf
+++ b/sks/outputs.tf
@@ -3,7 +3,7 @@ output "id" {
 value = module.cert-manager.id
 }
 
-output "issuers" {
- description = "List of issuers created by cert-manager"
- value = module.cert-manager.issuers
+output "cluster_issuers" {
+ description = "List of cluster issuers created by cert-manager."
+ value = module.cert-manager.cluster_issuers
 }
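Review bot: `sensitive = true` on the new `ca_issuer_certificate` output hides a value that is public by nature (a CA certificate) while its description tells users to copy it into a `.pem` file; with the flag set, `terraform output` prints `<sensitive>`, so either the description should say to use `terraform output -raw ca_issuer_certificate` or the flag should be dropped. The description should also state what trusting this root in a browser implies: its private key is held in Terraform state (`tls_private_key.root`) and in the chart values built in self-signed/locals.tf, so anyone with read access to either can issue certificates those browsers will accept. A sentence such as `Only import it where that trust is acceptable; the CA private key is stored in Terraform state.` would make the trade-off explicit at the point where users are told to import it.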