• Single cluster
    • Multicluster
    • Overview
    • Architecture
    • Relay architecture
  • interactive_space Insights
      • Install the meshctl CLI
      • Licensing
      • System requirements
      • Installation options
    • Install with Helm
      • Best practices for production
        • Management server
        • Gloo UI
          • Setup options
          • Certificate rotation overview
          • Insecure setup
            • Self-signed server certificate
            • BYO server certificate
            • Self-signed server certificate with managed client certificates
            • BYO server certificate with managed client certificate
              • OpenSSL
              • AWS
              • Vault
      • Control user access to your resources
    • Upgrade
    • Uninstall
    • About the telemetry pipeline
      • Overview
        • Overview
        • Explore the UI
          • Overview
          • External auth with Google
          • External auth with Dex
          • External auth with Okta
          • OIDC settings in Helm
          • RBAC for resources in the UI
        • Configure the UI for HTTPS
        • Connect the Gloo UI to OpenShift Prometheus
        • Overview
        • Run sample PromQL queries
        • Metrics
        • Alerts
        • Customization options
        • Overview
        • Set up and access Grafana
        • Import the Cilium dashboard
      • Add Cilium insights
      • Collect compute instance metadata
      • Add Cilium flow logs
      • Forward metrics to Datadog
      • Forward metrics to OpenShift
      • Gloo Network for Cilium versions
      • Open Source attribution
      • Feature gates
      • Release notes
      • Dashboard
      • InsightsConfig
      • Helm chart overview
      • Gloo Platform
      • Gloo Platform CRDs
      • meshctl
      • meshctl check
      • meshctl check server
      • meshctl cluster
      • meshctl cluster deregister
      • meshctl cluster list
      • meshctl cluster register
      • meshctl dashboard
      • meshctl debug
      • meshctl debug report
      • meshctl hubble
      • meshctl hubble observe
      • meshctl install
      • meshctl license
      • meshctl license check
      • meshctl logs
      • meshctl proxy
      • meshctl uninstall
      • meshctl version
      • CVE lifecycle handling
      • Security and CVE scan results
    • Gloo component permissions
    • General debugging
    • Management server
    • Agent
    • UI graph
    • Observability pipeline
    • Redis
    • About Solo Support
    • Submit a request
    • Add support information
  • open_in_new Cilium documentation
    • main
    • 2.5 (latest)
    • GitHub
    • Twitter / X
  • to navigate
  • to select
  • to close
    • Home
    • Setup
    • Advanced setup
    • Certificate management
    • Relay certificates
    • TLS
    On this page

    TLS

    Secure the relay connection between the Gloo management server and agent by using simple TLS.

    article

    Self-signed server certificate

    Use Gloo Mesh Enterprise self-signed certificates for the root CA and use these credentials to …

    article

    BYO server certificate

    Use your preferred PKI provider to generate the server TLS certificate for the Gloo management …

    Solo.io copyright 2025