Stay organized with collections
Save and categorize content based on your preferences.
Integration with other Google Cloud services
This document provides a summary of the Google Cloud services that have an
integration with Certificate Authority Service.
Cloud Service Mesh
Cloud Service Mesh is a suite of tools that helps you monitor and manage a reliable
service mesh on-premises or on Google Cloud. You can configure Cloud Service Mesh to
use CA Service for the following use cases:
- If you need a dedicated certificate authority (CA) to sign workload certificates
that's not shared with other users, or different CAs on different clusters.
- If you need to back your signing keys in a managed HSM.
- If you are in a highly regulated industry and are subject to compliance.
- If you want your workload certificates in Cloud Service Mesh to chain up to an
existing enterprise root CA certificate.
To learn how to use CA Service with Cloud Service Mesh, see Install default features and Certificate Authority (CA)
.
Cloud Service Mesh
Cloud Service Mesh lets you secure service-to-service communications in your mesh.
CA Service integrates with Cloud Service Mesh to provide identity
certificates to workloads running on Google Kubernetes Engine. You can modify your
pods to allow workloads to receive and use these credentials for mTLS.
To learn how to use CA Service with Cloud Service Mesh, see the following
pages:
Certificate Manager
CA Service integrates with Certificate Manager to simplify
the process of managing the lifecycle of private certificates and provisioning
private certificates to your load balancers
before the certificates expire.
CA Service contains the CA pool that issues the private certificates
while Certificate Manager lets you configure the issuance and provisioning
of certificates to your load balancers.
To learn how to use Certificate Manager with CA Service, see Configure CA Service integration with Certificate Manager
.
What's next
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License
, and code samples are licensed under the Apache 2.0 License
. For details, see the Google Developers Site Policies
. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-04 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eCertificate Authority (CA) Service integrates with Cloud Service Mesh to issue dedicated workload certificates for use cases such as unique CAs, managed HSM-backed signing keys, compliance in regulated industries, and chaining to existing enterprise root CA certificates.\u003c/p\u003e\n"],["\u003cp\u003eCA Service works with Cloud Service Mesh to secure service-to-service communication by providing identity certificates for workloads running on Google Kubernetes Engine, allowing the use of these credentials for mTLS.\u003c/p\u003e\n"],["\u003cp\u003eCertificate Manager integrates with CA Service, where CA Service creates the CA pool that issues private certificates, and Certificate Manager handles the configuration and provisioning of those certificates to load balancers.\u003c/p\u003e\n"]]],[],null,["# Integration with other Google Cloud services\n============================================\n\nThis document provides a summary of the Google Cloud services that have an\nintegration with Certificate Authority Service.\n\nCloud Service Mesh\n------------------\n\nCloud Service Mesh is a suite of tools that helps you monitor and manage a reliable\nservice mesh on-premises or on Google Cloud. You can configure Cloud Service Mesh to\nuse CA Service for the following use cases:\n\n- If you need a dedicated certificate authority (CA) to sign workload certificates that's not shared with other users, or different CAs on different clusters.\n- If you need to back your signing keys in a managed HSM.\n- If you are in a highly regulated industry and are subject to compliance.\n- If you want your workload certificates in Cloud Service Mesh to chain up to an existing enterprise root CA certificate.\n\nTo learn how to use CA Service with Cloud Service Mesh, see\n[Install default features and Certificate Authority (CA)](/service-mesh/docs/unified-install/install-anthos-service-mesh#install_ca_service).\n\nCloud Service Mesh\n------------------\n\nCloud Service Mesh lets you secure service-to-service communications in your mesh.\nCA Service integrates with Cloud Service Mesh to provide identity\ncertificates to workloads running on Google Kubernetes Engine. You can modify your\npods to allow workloads to receive and use these credentials for mTLS.\n\nTo learn how to use CA Service with Cloud Service Mesh, see the following\npages:\n\n- [Set up service security with Envoy](/traffic-director/docs/security-envoy-setup)\n- [Set up service security with proxyless gRPC](/traffic-director/docs/security-proxyless-setup)\n\nCertificate Manager\n-------------------\n\nCA Service integrates with Certificate Manager to simplify\nthe process of managing the lifecycle of private certificates and provisioning\nprivate certificates to your *load balancers* before the certificates expire.\nCA Service contains the CA pool that issues the private certificates\nwhile Certificate Manager lets you configure the issuance and provisioning\nof certificates to your load balancers.\n\nTo learn how to use Certificate Manager with CA Service, see\n[Configure CA Service integration with Certificate Manager](/certificate-manager/docs/certificates#int-cas).\n\nWhat's next\n-----------\n\n- [Prepare your environment for Certificate Authority Service](/certificate-authority-service/docs/prepare-environment).\n- Get started with [CA Service](/certificate-authority-service/docs/create-certificate)."]]
