A frequent request from customers is the ability to integrate Service Mesh with 3rd party certificate authorities, such as Vault. Spire has also come up.

We have said that with SDS in OSSM 2.0, it should be possible / easier to do this, and there are blog posts out there that describe integrating Istio with cert-manager, though there may be some caveats to that.

This is an evolving space, with work being done on a certificate manager plugin in 1.8 (https://preliminary.istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/). We should still document what is possible with OSSM 2.0 / Istio 1.6 for customers, even if there are caveats, and improvements to be made for 2.1 with Istio 1.8.