Mutual TLS with external CA Configuration

Hi Security team,

My company is using Keyfactor as a PKI, and I want to use it to provision the cert chain to Istio and rotate certs on expiry. Does Istio support using a custom CA provider, like the Vault CA integration (deprecated from 1.3)? If not, can I submit a pull request to Istio for it?

Thanks and Best regards,

AFAIK we can use a custom CA in Istio.
Please see this. Maybe this will help you.

@Oliver FYI another use case of Vault.

Yes, we will support Vault CA integration. The plan will come out next week. Contributions are of course welcome. I’ll let you know about the plans. If you have cycles, we could work together.


We use a lot of Vault.
I will be another user of Vault CA :slight_smile:

+1 for using Vault.
We also use Vault :slight_smile:

@Oliver We updated Istio to 1.6 and are using istiod. Is the integration with Vault already working? Where can I follow the development?
