• Logo
    Certificate Management
  • documentation.ubuntu.com
  • More resources
    • Discourse
    • Matrix
    • GitHub
Contents Menu Expand Light mode Dark mode Auto light/dark, in light mode Auto light/dark, in dark mode Skip to content
Certificate Management documentation
Certificate Management documentation

For Charm Developers

  • Tutorials
    • Getting Started with the TLS Certificates Library (v4)
  • How-to guides
    • Testing your requirer charm
  • Reference
    • The tls-certificates library
    • TLS Certificates Interface Library Versions
    • Important Update: New Labels for Juju Secrets
    • Recommended Juju Configuration Options for TLS Requirers
  • Explanation
    • Do I need to implement the TLS library?
    • Common Name and SANs Attributes
    • Certificate Renewal with the TLS Certificates Library v4
    • Differences between TLS Certificates Library v3 and v4
    • Security Explanation in TLS Certificates Interface

For Charm Operators

  • Tutorials
  • Reference
    • Deployment blueprints
      • Multi-model TLS reference architecture
  • Explanation
    • Understanding TLS in Juju deployments
    • Securing internal communication
    • Securing API communication
    • CA trust best practices
Back to top

ExplanationΒΆ

  • Understanding TLS in Juju deployments
    • Where to terminate TLS
    • Choosing a TLS provider
    • Why API and internal certificates often require separate CAs
  • Securing internal communication
    • Architecture
    • How it works
    • When to use
    • Related topics
  • Securing API communication
    • With an ingress
    • Without an ingress
    • When to use
    • Related topics
  • CA trust best practices
    • Trust establishment between clients and applications
    • Best practices for production deployments
Next
Understanding TLS in Juju deployments
Previous
Multi-model TLS reference architecture
© 2026 CC-BY-SA, Canonical Ltd.
Last updated on May 04, 2026
Contents
  • Explanation