• Single cluster
    • Multicluster  ENTERPRISE
  • lightbulb About
      • Overview
      • Architecture
        • Overview
        • Enterprise features
        • Supported versions
      • Multicluster  ENTERPRISE
        • Gloo Operator
        • Helm
        • Migrate from a sidecar mesh
        • Add services to the mesh
        • Add ECS services to the mesh  ENTERPRISE
        • Add VMs to the mesh
          • Gloo Operator
          • Helm
        • Flat networking (advanced)
        • Add services to the mesh
        • Add ECS services to the mesh
        • Add VMs to the mesh
        • Overview
        • Make services available across clusters
        • About multitenancy and namespace sameness
        • Namespace flexibility with segments
        • Create segments
        • Multicluster peering
      • Overview
      • Ingress
      • East-west and waypoints
        • Standard egress setup
        • Advanced mTLS egress  ENTERPRISE
        • Overview
          • Ztunnel
          • Waypoint
          • kgateway
          • Istio ingress gateway
          • Sidecar
        • Ztunnel (L4)
        • Waypoints (L7)
        • L7 load balancing with kgateway
        • Multicluster zone and region failover  ENTERPRISE
        • Ztunnel outlier detection
      • Overview
      • Secure workload identities with SPIRE  ENTERPRISE
      • Overview
      • Layer 7 observability for ztunnels  ENTERPRISE
        • Gloo Operator
        • Helm
      • Drain clusters in the mesh  ENTERPRISE
      • Uninstall
      • Service mesh options
        • Overview
        • Supported Solo distributions of Istio
        • Gloo Operator
        • Migrate to the Gloo Operator
        • Helm
        • EKS add-on
        • AKS extension
          • Gloo Operator
          • Helm
        • Flat networking (advanced)
    • Enroll apps
      • Overview
      • Ingress
      • Egress
    • Resiliency
      • Istio certificate management
      • Bring your own Istio CAs with AWS
      • Security overview
    • Observability
      • Gloo Operator
      • Helm
    • Uninstall
      • Overview
      • Architecture
      • Multicluster relay architecture
        • Licensing
        • System requirements
      • Single cluster management
      • Multicluster management
    • Explore the UI
      • About the telemetry pipeline
      • Collect compute instance metadata
      • Collect Istio access logs
      • Collect Istio request traces with Jaeger
      • Enable logging
        • Overview
        • Run sample PromQL queries
        • Metrics
        • Customization options
        • Forward metrics to Datadog
        • Forward metrics to OpenShift
      • Best practices for production
          • Setup options
          • Certificate rotation overview
          • Insecure setup
            • Self-signed server certificate
            • BYO server certificate
            • Self-signed server certificate with managed client certificates
            • BYO server certificate with managed client certificate
              • OpenSSL
              • AWS
              • Vault
          • Istio CA overview
          • Bring your own Istio CAs with AWS
        • Overview
          • Overview
          • External auth with Google
          • External auth with Dex
          • External auth with Okta
          • OIDC settings in Helm
          • RBAC for resources in the UI
        • Configure the UI for HTTPS
        • Connect the Gloo UI to OpenShift Prometheus
        • About Redis
        • Built-in Redis
        • Local Redis
        • External Redis
    • Upgrade
    • Uninstall
      • Solo Enterprise for Istio versions
      • Open Source attribution
      • Release notes
      • Gloo Operator changelog
          • 1.29.1-patch0
          • 1.29.1
          • 1.29.0
          • 1.28.5-patch0
          • 1.28.5
          • 1.28.4
          • 1.28.3-patch0
          • 1.28.3
          • 1.28.2
          • 1.28.1-patch0
          • 1.28.1
          • 1.28.0-patch0
          • 1.28.0
          • 1.27.8-patch0
          • 1.27.8
          • 1.27.7
          • 1.27.5-patch0
          • 1.27.5
          • 1.27.4
          • 1.27.3-patch0
          • 1.27.3
          • 1.27.2
          • 1.27.1-patch1
          • 1.27.1-patch0
          • 1.27.1
          • 1.27.0-patch0
          • 1.27.0
          • 1.26.8-patch3
          • 1.26.8-patch2
          • 1.26.8-patch1
          • 1.26.8-patch0
          • 1.26.8
          • 1.26.7
          • 1.26.6
          • 1.26.5
          • 1.26.4
          • 1.26.3-patch1
          • 1.26.2-patch0
          • 1.26.3
          • 1.26.2
          • 1.26.1-patch0
          • 1.26.1
          • 1.26.0
          • 1.25.5-patch6
          • 1.25.5-patch5
          • 1.25.5-patch4
          • 1.25.5-patch3
          • 1.25.5-patch2
          • 1.25.5-patch1
          • 1.25.5-patch0
          • 1.25.5
          • 1.25.4
          • 1.25.3
          • 1.25.2-patch0
          • 1.25.2
          • 1.25.1
          • 1.25.0
      • Gloo Operator APIs
      • Gloo Operator
      • Multicluster ambient peering
        • Overview
        • istioctl bootstrap
        • istioctl ecs add-service
        • istioctl multicluster check
        • istioctl multicluster expose
        • istioctl multicluster link
      • Debug Istio
      • Multicluster peering
      • Gloo Operator and ServiceMeshController
    • About Solo Support
    • Submit a request
    • Add support information
  • open_in_new Istio documentation
    • Solo Enterprise for Istio
    • main
    • 2.12 (latest, Istio 1.29)
    • 2.11 (Istio 1.28)
    • 2.10 (Istio 1.27)
    • 2.9 (Istio 1.26)
    • Gloo Mesh (Gloo Platform APIs)
    • main
    • 2.12 (latest)
    • 2.11
    • 2.10
    • 2.9
    • GitHub
    • Twitter / X
  • to navigate
  • to select
  • to close
    • Home
    • Solo UI
    • Advanced settings
    • Certificate management
    • Relay certificates
    On this page

    You are viewing the documentation for Solo Enterprise for Istio, formerly known as Gloo Mesh (OSS APIs). This version of the documentation is currently under development. Select latest from the version drop down or go to the landing page of the latest stable version.

    Relay certificates

    Learn about how to manage the root and intermediate certificates that the Gloo management server and agents use to secure their relay connection.

    article

    Setup options

    Review the options that you have to secure the communication between the Gloo management server and …

    article

    Certificate rotation overview

    Learn about the options to automatically rotate certificates with Solo Enterprise for Istio.

    article

    Insecure setup

    In demo or testing setups only, you can use an insecure relay connection.

    article

    TLS

    Secure the relay connection between the Gloo management server and agent by using simple TLS.

    article

    mTLS

    Secure the relay connection between the Gloo management server and agent by using mutual TLS.

    Solo.io copyright 2026