BYO server and client certificates

Bring your own server and client TLS certificates and manage the TLS certificate lifecycle yourself.

Instead of using Gloo Gateway self-signed certificates for the root CA certificate, you can generate your own relay root and intermediate CA certificates and keys with the certificate management tool of your choice. You then use the intermediate CA credentials to create the server TLS certificate for the Gloo management server and the client TLS certificate for the Gloo agent. Because the intermediate CA credentials are stored outside the cluster, you cannot leverage the built-in client TLS certificate rotation capability in Gloo Gateway. Instead, you use your own processes and tools to monitor the expiration and rotate all of your certificates.

For more information about this approach, see Bring your own CAs and client TLS certificates.
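Because rotation is your responsibility in this setup, the following added example (not from the Gloo documentation or project) shows one way to check each certificate for a valid chain and for upcoming expiry with `openssl`. It builds a constructed root, intermediate, server, and client hierarchy in a temporary directory. All file names, subjects, lifetimes, and the 30-day warning window are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Every name, subject and lifetime here is constructed for the demo.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"

# X.509 extension files: one for CAs, one for leaf (server/client) certificates.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth,clientAuth\n' > leaf.ext

# issue <name> <subject> <signer|self> <days> <extfile>
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "$2" 2>/dev/null
  if [ "$3" = self ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days "$4" \
      -extfile "$5" -out "$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
      -days "$4" -extfile "$5" -out "$1.crt" 2>/dev/null
  fi
}

# check_cert <cert> <warn_days>
# Returns 0 = OK, 1 = expires inside the warning window, 2 = chain does not verify.
check_cert() {
  if ! openssl verify -CAfile root.crt -untrusted intermediate.crt "$1" >/dev/null 2>&1; then
    echo "BROKEN-CHAIN $1"; return 2
  fi
  if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null; then
    echo "OK $1"
  else
    echo "ROTATE $1 ($(openssl x509 -in "$1" -noout -enddate))"; return 1
  fi
}

issue root         "/CN=demo-relay-root"         self         3650 ca.ext
issue intermediate "/CN=demo-relay-intermediate" root         365  ca.ext
issue server       "/CN=demo-mgmt-server"        intermediate 365  leaf.ext
issue client       "/CN=demo-agent"              intermediate 10   leaf.ext   # short-lived
issue rogue        "/CN=demo-rogue"              self         365  leaf.ext   # not from our CA

# Check every certificate in the hierarchy, not only the leaves.
for c in root intermediate server client rogue; do
  check_cert "$c.crt" 30 || true
done
```

In a scheduled job, the non-zero return codes from `check_cert` are what you would alert on, pointing the function at the certificates your own tooling issued.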

Choose between the following options: