Managed CAs

Setup options

Learn how you can use the Gloo Mesh root trust policy to fully or partially manage the Istio CA lifecycle.

Certificate rotation

Learn how the Istio root, intermediate, and leaf certificates are rotated when you use the Gloo Mesh root trust policy.

Manage the entire Istio CA lifecycle

Use Gloo Mesh to fully manage the Istio root and intermediate CA lifecycle with self-signed root CA certificates.

Manage Istio intermediate CAs

Generate the root CA certificate and key, and configure Gloo Mesh to automatically derive intermediate CA certificates and keys from the root CA.

Integrate with Vault

Set up a Vault instance that stores the root CA certificate and key. Gloo Mesh then configures the Istio control plane to derive intermediate CA certificates and keys from the root CA in Vault.