Certificate Issuance & Management

Istio's Certificate Authority (CA) is not compliant with industry standards, which require CAs to follow strict procedures for certificate issuance and management. The root certificate and private key of the Istio CA are stored within the cluster, which is a potential security risk and can lead to vulnerabilities in certificate management.

To eliminate these risks, the certificates in the control plane and data plane need to be rooted in the enterprise chain of trust. The real-world challenge with certificate management and Istio, however, is how to integrate with existing enterprise PKI solutions.