• Single cluster
    • Multicluster
    • Overview
    • Architecture
    • Relay architecture
  • interactive_space Insights
      • Install the meshctl CLI
      • Licensing
      • System requirements
      • Installation options
    • Install with Helm
      • Best practices for production
        • Management server
        • Gloo UI
          • Setup options
          • Certificate rotation overview
          • Insecure setup
            • Self-signed server certificate
            • BYO server certificate
            • Self-signed server certificate with managed client certificates
            • BYO server certificate with managed client certificate
              • OpenSSL
              • AWS
              • Vault
      • Control user access to your resources
    • Upgrade
    • Uninstall
    • About the telemetry pipeline
      • Overview
        • Overview
        • Explore the UI
          • Overview
          • External auth with Google
          • External auth with Dex
          • External auth with Okta
          • OIDC settings in Helm
          • RBAC for resources in the UI
        • Configure the UI for HTTPS
        • Connect the Gloo UI to OpenShift Prometheus
        • Overview
        • Run sample PromQL queries
        • Metrics
        • Alerts
        • Customization options
        • Overview
        • Set up and access Grafana
        • Import the Cilium dashboard
      • Add Cilium insights
      • Collect compute instance metadata
      • Add Cilium flow logs
      • Forward metrics to Datadog
      • Forward metrics to OpenShift
      • Gloo Network for Cilium versions
      • Open Source attribution
      • Feature gates
      • Release notes
      • Dashboard
      • InsightsConfig
      • Helm chart overview
      • Gloo Platform
      • Gloo Platform CRDs
      • meshctl
      • meshctl check
      • meshctl check server
      • meshctl cluster
      • meshctl cluster deregister
      • meshctl cluster list
      • meshctl cluster register
      • meshctl dashboard
      • meshctl debug
      • meshctl debug report
      • meshctl hubble
      • meshctl hubble observe
      • meshctl install
      • meshctl license
      • meshctl license check
      • meshctl logs
      • meshctl proxy
      • meshctl uninstall
      • meshctl version
      • CVE lifecycle handling
      • Security and CVE scan results
    • Gloo component permissions
    • General debugging
    • Management server
    • Agent
    • UI graph
    • Observability pipeline
    • Redis
    • About Solo Support
    • Submit a request
    • Add support information
  • open_in_new Cilium documentation
    • main
    • 2.5 (latest)
    • GitHub
    • Twitter / X
  • to navigate
  • to select
  • to close
    • Home
    • Setup
    • Advanced setup
    • Certificate management
    • Relay certificates
    On this page

    Relay certificates

    Learn about how to manage the root and intermediate certificates that the Gloo management server and agents use to secure their relay connection.

    article

    Setup options

    Review the options that you have to secure the communication between the Gloo management server and …

    article

    Certificate rotation overview

    Learn about the options to automatically rotate certificates with {{< reuse …

    article

    Insecure setup

    In demo or testing setups only, you can use an insecure relay connection.

    article

    TLS

    Secure the relay connection between the Gloo management server and agent by using simple TLS.

    article

    mTLS

    Secure the relay connection between the Gloo management server and agent by using mutual TLS.

    Solo.io copyright 2025