Currently the ssl.truststore.crt entry in the Access Operator Secret only contains the CA in ca.crt entry from the Cluster CA Secret. We should create a bundle containing all CAs so as to account for the process when a key replacement is in progress.
We should update the getConnectionSecretData method to combine the CAs, taking into account that if an individual CA file is a chain we only need the last in the chain.
Currently the
ssl.truststore.crtentry in the Access Operator Secret only contains the CA inca.crtentry from the Cluster CA Secret. We should create a bundle containing all CAs so as to account for the process when a key replacement is in progress.We should update the
getConnectionSecretDatamethod to combine the CAs, taking into account that if an individual CA file is a chain we only need the last in the chain.