diff --git a/Makefile b/Makefile
index 79a4901..8325faa 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,8 @@ TARGET_NAMESPACE ?= blue
 KIND_CLUSTER_NAME ?= hmc-management-local
 
 
+OPENSSL_DOCKER_IMAGE ?= alpine/openssl:3.3.2
+
 TEMPLATES_DIR := templates
 TEMPLATE_FOLDERS = $(patsubst $(TEMPLATES_DIR)/%,%,$(wildcard $(TEMPLATES_DIR)/*))
 CHARTS_PACKAGE_DIR ?= $(LOCALBIN)/charts
@@ -419,13 +421,13 @@ certs/ca/ca.key:
 
 certs/platform-engineer1/platform-engineer1.key:
 	mkdir -p certs/platform-engineer1
-	openssl genrsa -out certs/platform-engineer1/platform-engineer1.key 2048
+	docker run -v ./certs:/certs $(OPENSSL_DOCKER_IMAGE) genrsa -out /certs/platform-engineer1/platform-engineer1.key 2048
 
 certs/platform-engineer1/platform-engineer1.csr: certs/platform-engineer1/platform-engineer1.key
-	openssl req -new -key certs/platform-engineer1/platform-engineer1.key -out certs/platform-engineer1/platform-engineer1.csr -subj '/CN=platform-engineer1/O=$(TARGET_NAMESPACE)'
+	docker run -v ./certs:/certs $(OPENSSL_DOCKER_IMAGE) req -new -key /certs/platform-engineer1/platform-engineer1.key -out /certs/platform-engineer1/platform-engineer1.csr -subj '/CN=platform-engineer1/O=$(TARGET_NAMESPACE)'
 
 certs/platform-engineer1/platform-engineer1.crt: certs/platform-engineer1/platform-engineer1.csr certs/ca/ca.crt certs/ca/ca.key
-	openssl x509 -req -in certs/platform-engineer1/platform-engineer1.csr -CA certs/ca/ca.crt -CAkey certs/ca/ca.key -CAcreateserial -out certs/platform-engineer1/platform-engineer1.crt -days 360
+	docker run -v ./certs:/certs $(OPENSSL_DOCKER_IMAGE) x509 -req -in /certs/platform-engineer1/platform-engineer1.csr -CA /certs/ca/ca.crt -CAkey /certs/ca/ca.key -CAcreateserial -out /certs/platform-engineer1/platform-engineer1.crt -days 360
 
 ##@ Cleanup