Tigera: Trust but Verify: Proving mTLS Is Actually Working Across Your Kubernetes Cluster
You enabled mTLS in your service mesh. The security team is satisfied—on paper. But how do you actually know it is working? When an auditor asks for proof that mTLS is enforced across namespaces, how do you provide the evidence?
In this demo, we focus on the verification and troubleshooting side of mTLS that rarely gets enough attention. Using Istio Ambient Mesh and Calico’s Unified Platform, we look at some common misconfigurations and how to fix them.
You will learn:
- Proving Encryption Is Active: Go beyond policy declarations—use Calico’s flow logs and observability dashboards to visually confirm that traffic between services is encrypted, connection by connection.
- Audit-Ready Reporting: Generate evidence that mTLS is enforced across namespaces, suitable for compliance reviews and security audits without manual packet captures.
- Debugging Connection Failures: Walk through a systematic troubleshooting workflow when services fail to connect, whether the issue is a certificate failure, an identity mismatch or a policy misconfiguration.
Join us to learn how to move from “mTLS is enabled” to “mTLS is verified”—and build the operational confidence your security team demands.